CoreCommerce SQL injection



EKU-ID: 1747 CVE: OSVDB-ID:
Author: ZeTH Published: 2012-03-26 Verified: Verified


# Exploit Title : CoreCommerce SQL injection
# Date : 22/03/2012
# Author : ZeTH
# Contact : zeth/at/hacktheplan8/dot/com http://www.hacktheplan8.com
# Vendor : http://www.corecommerce.com
# Version : 3.0
# d0rk : intext:"Powered by Core-Commerce"
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
--[1]-- Introduction
CoreCommerce is the full-service shopping cart solution that makes it
easy for you to sell online. Choose from over 250+ hand-crafted,
professionally made themes for your store to get that look that's just
right.

--[2]-- Vulnerability
File : index.php
Attack Method : remote SQL injection
POC : http://site/catalogue/index.php?id=SQLi

--[3]-- Greetz
MainHack Brotherhood, Kecoak Elektronik, Echo
Paman, Vrs-hCk, OoN_BoY, em|nem, [S]hiro, Martin, xshadow, ElDiablo,
Furkan, Pizzyroot, H312Y