1 ######################
2 #
3 #easyTrade v2.x SQL Injection Vulnerability
4 #
5 ######################
6 #
7 #Bug by: h0yt3r
8 #
9 #Dork: "powered by easytrade"
10 #
11 ##
12 ###
13 ##
14 #
15 #Script suffers from a not correctly verified detail id variable which is used in SQL Querys.
16 #An Attacker can easily get sensitive information from the database by
17 #injecting unexpected SQL Querys.
18 #
19 #We dont get any SQL Errors when the Injection Query appear to be false.
20 #However we have to look for content changing when we inject.
21 #Look at AND 1=1/AND 1=0
22 #
23 #SQL Injection:
24 #http://[target]/[path]/detail.php?id=[SQL]
25 #
26 #PoC:
27 #detail.php?id=−1%20union%20select%20USER(),2,3,4,5,@@VERSION,7,8,9,10,11,12,13,database(),15,16
28 #
29 #######################
30 #
31 #Greetz to b!zZ!t, ramon, thund3r, Free−Hack, Sys−Flaw and of course the neverdying h4ck−y0u Team!
32 #
33 #######################
34 #######################
35
36 # milw0rm.com [2008−06−17]
Page 1/1
easyTrade 2.x detail.php id Remote SQL Injection Vulnerability
n/a
06/17/2008