CoreCommerce SQL injection
| EKU-ID: 1747 | CVE: | OSVDB-ID: |
| Author: ZeTH | Published: 2012-03-26 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 1747 | CVE: | OSVDB-ID: |
| Author: ZeTH | Published: 2012-03-26 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
# Exploit Title : CoreCommerce SQL injection
# Date : 22/03/2012
# Author : ZeTH
# Contact : zeth/at/hacktheplan8/dot/com http://www.hacktheplan8.com
# Vendor : http://www.corecommerce.com
# Version : 3.0
# d0rk : intext:"Powered by Core-Commerce"
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
--[1]-- Introduction
CoreCommerce is the full-service shopping cart solution that makes it
easy for you to sell online. Choose from over 250+ hand-crafted,
professionally made themes for your store to get that look that's just
right.
--[2]-- Vulnerability
File : index.php
Attack Method : remote SQL injection
POC : http://site/catalogue/index.php?id=SQLi
--[3]-- Greetz
MainHack Brotherhood, Kecoak Elektronik, Echo
Paman, Vrs-hCk, OoN_BoY, em|nem, [S]hiro, Martin, xshadow, ElDiablo,
Furkan, Pizzyroot, H312Y