[转贴] Lizard Cart Multiple SQL Injection Exploit

主题	好友	1204 积分

金牌会员

发消息

发表于 2009-12-21 19:51:33 |显示全部楼层

Lizard Cart Multiple SQL Injection Exploit
减小字体增大字体
# Title: Lizard Cart Multiple SQL Injection Exploit
# EDB-ID: 10560
# CVE-ID: ()
# OSVDB-ID: ()
# Author: cr4wl3r
# Published: 2009-12-19
# Verified: no
# Download Exploit Code
# Download N/A

view sourceprint?################################################################################

## Exploit Title: Lizard Cart Multiple SQL Injection Exploit                ##

## Date: 20-12-2009                                                          ##

## Author: cr4wl3r                                                          ##

## Software Link: http://sourceforge.net/projects/lizardcart/                ##

## Version: N/A                                                             ##

## Tested on: GNU/LINUX                                                    ##

################################################################################

~ Code [detail.php]

$dbResult = mysql_query("select * from products where id='$id'");

~ PoC

[lizardcart_path]/detail.php?id=[SQL]

~ Code [pages.php]

$dbResult = mysql_query("select * from pages where id='$id'");

~ PoC

[lizardcart_path]/pages.php?id=[SQL]

使用道具举报