BoutikOne - Multiple SQL Injection Vulnerabilities

RELEASE DATE : 13.03.2011
by Alz <cdx[dot]security[at]gmail[dot]com>

[-] Google Dork: "Powered by BoutikOne"

[-] SQL Injection (GET parameters):

[-> categorie.php]   Var <path>    : http://[target]/categories.php?path=[sqli]
[-> list.php]        Var <path>    : http://[target]/list.php?path=[sqli]
[-> description.php] Var <id>      : http://[target]/description.php?id=[sqli]
[-> description.php] Var <path>    : http://[target]/description.php?id=[id]&path=[sqli]
[-> search.php]      Var <advCat>  : http://[target]/search.php?advCat=[sqli]
[-> search.php]      Var <advComp> : http://[target]/search.php?advComp=[sqli]

[-] RSS Folder:

[-> rss_news.php]  Var <lang> : http://[target]/rss/rss_news.php?lang=[sqli]
[-> rss_flash.php] Var <lang> : http://[target]/rss/rss_flash.php?lang=[sqli]
[-> rss_promo.php] Var <lang> : http://[target]/rss/rss_promo.php?lang=[sqli]
[-> rss_top10.php] Var <lang> : http://[target]/rss/rss_top10.php?lang=[sqli]

[-> caddie.php] Multiple FORM vulnerabilities (POST parameters):

[-] SQL Injection in <codePromo>  : <input name="codePromo" size="12" type="text">
[-] SQL Injection in <codeCadeau> : <input name="codeCadeau" size="15" type="text">
[-] SQL Injection in <country>    : <select name="country">

[-] Full Path Disclosure (a single quote in the parameter triggers a PHP error that reveals the install path):

[-> page_box.php] Var <module> : http://[target]/page_box.php?module=%27
[-> page_box.php] Var <lang>   : http://[target]/page_box.php?lang=%27
[-> list.php]     Var <target> : http://[target]/list.php?target=%27

[-] Greetz to Darksky & litame
Contact at #hackbbs @ irc.2600.net

Enjoy.
Alz.
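For anyone who runs a BoutikOne install and wants to know whether the vectors above have already been probed, the following is an added example (not part of the advisory and not BoutikOne code) that triages Apache combined-format access logs against the advisory's script/parameter table. The table is copied from the advisory; the log format, the sample log lines and the list of "suspicious" tokens are assumptions made for the demo. Note the limitation that the example makes explicit: the caddie.php form fields (codePromo, codeCadeau, country) travel in POST bodies, which a plain access log does not record.

```python
"""Log triage for the BoutikOne injection points listed in this advisory.

Added example, not code from the advisory or from BoutikOne. The script/parameter
table below is copied from the advisory; everything else (log format, sample lines,
the 'suspicious' token list) is an assumption made for the demo.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# GET parameters the advisory reports as SQL-injectable, keyed by script.
SQLI_VECTORS = {
    "categories.php": {"path"},
    "list.php": {"path"},
    "description.php": {"id", "path"},
    "search.php": {"advCat", "advComp"},
    "rss/rss_news.php": {"lang"},
    "rss/rss_flash.php": {"lang"},
    "rss/rss_promo.php": {"lang"},
    "rss/rss_top10.php": {"lang"},
}
# Parameters the advisory reports as leaking the full path when given a single quote.
FPD_VECTORS = {
    "page_box.php": {"module", "lang"},
    "list.php": {"target"},
}

# Tokens a legitimate shop visitor never puts in a category path, product id or
# language code. Kept narrow (no bare OR/AND) so hyphenated slugs are not flagged.
SUSPICIOUS = re.compile(r"""['"\\;]|--|/\*|\bunion\s+select\b""", re.I)

# Apache "combined" log format; only the fields the triage needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def script_of(url_path):
    """Map a request path to an advisory script name, tolerating an install prefix (/shop/...)."""
    p = url_path.lstrip("/")
    for script in list(SQLI_VECTORS) + list(FPD_VECTORS):
        if p == script or p.endswith("/" + script):
            return script
    return None


def analyse(line):
    """Return a finding dict for one access-log line, or None when nothing matches."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    script = script_of(url.path)
    if script is None:
        return None
    hits = []
    # parse_qsl percent-decodes, so %27 becomes ' and is visible to the regex.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in SQLI_VECTORS.get(script, ()):
            kind = "sqli"
        elif name in FPD_VECTORS.get(script, ()):
            kind = "fpd"
        else:
            continue
        if SUSPICIOUS.search(value):
            hits.append((kind, name, value))
    if not hits:
        return None
    return {"ip": m["ip"], "ts": m["ts"], "script": script, "status": m["status"], "hits": hits}


def triage(lines):
    """Run analyse() over a log and return the findings in order."""
    return [f for f in (analyse(line) for line in lines) if f]


def by_source(findings):
    """Count findings per client IP; one source hitting several vectors in a row is a scan."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


# Constructed sample log (not real traffic). 203.0.113.5 walks the advisory's GET
# vectors; 198.51.100.7 browses normally except for one FPD probe. The POST to
# caddie.php carries its form fields in the request body, which a plain access
# log does not record, so the codePromo/codeCadeau/country injections are invisible here.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Mar/2011:10:02:11 +0100] "GET /shop/description.php?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [13/Mar/2011:10:02:13 +0100] "GET /shop/description.php?id=12%27 HTTP/1.1" 200 612 "-" "Mozilla/5.0"
203.0.113.5 - - [13/Mar/2011:10:02:15 +0100] "GET /shop/description.php?id=12&path=5%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 5012 "-" "Mozilla/5.0"
203.0.113.5 - - [13/Mar/2011:10:02:20 +0100] "GET /shop/page_box.php?module=%27 HTTP/1.1" 200 388 "-" "Mozilla/5.0"
203.0.113.5 - - [13/Mar/2011:10:02:25 +0100] "GET /shop/rss/rss_news.php?lang=fr%27-- HTTP/1.1" 200 212 "-" "Mozilla/5.0"
203.0.113.5 - - [13/Mar/2011:10:02:31 +0100] "GET /shop/categories.php?path=1%27 HTTP/1.1" 200 417 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Mar/2011:10:03:01 +0100] "GET /shop/list.php?path=22_31 HTTP/1.1" 200 8731 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Mar/2011:10:03:04 +0100] "POST /shop/caddie.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Mar/2011:10:03:09 +0100] "GET /shop/list.php?target=%27 HTTP/1.1" 200 390 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for f in found:
        print(f["ip"], f["ts"], f["script"], f["status"], f["hits"])
    print(by_source(found))
```

Feed a real log with `triage(open("access.log"))`. The response size and status columns are worth keeping in view when reading the output: the advisory's `%27` probes return a short error page, so a 200 with a much smaller body than the surrounding requests is the FPD or SQL error firing. To see the caddie.php form injections you need request-body logging (for example a WAF or mod_security audit log), not the access log.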