SecurityvulnsSECURITYVULNS:DOC:25916BoutikOne Multiples SQL Injection Vulnerability
- BoutikOne -
Multiples SQL Injection Vulnerability
RELEASE DATE : 13.03.2011
by Alz <cdx[dot]security[at]gmail[dot]com
[-] Google Dork: "Powered by BoutikOne"
[-> categorie.php] Var <path> :
http://[target]/categories.php?path=[sqli]
[-> list.php] Var <path> :
http://[target]/list.php?path=[sqli]
[-> description.php] Var <id> :
http://[target]/description.php?id=[sqli]
[-> description.php] Var <path> :
http://[target]/description.php?id=[id]&path=[sqli]
[-> search.php] Var <advCat> :
http://[target]/search.php?advCat=[sqli]
[-> search.php] Var <advComp> :
http://[target]/search.php?advComp=[sqli]
[-] RSS Folder:
[-> rss_news.php] Var <lang> :
http://[target]/rss/rss_news.php?lang=[sqli]
[-> rss_flash.php] Var <lang> :
http://[target]/rss/rss_flash.php?lang=[sqli]
[-> rss_promo.php] Var <lang> :
http://[target]/rss/rss_promo.php?lang=[sqli]
[-> rss_top10.php] Var <lang> :
http://[target]/rss/rss_top10.php?lang=[sqli]
[-> caddie.php] Multiples FORM Vulnerability
[-] SLQ Injection in <codePromo>
<input name="codePromo" size="12" type="text">
[-] SLQ Injection in <codeCadeau>
<input name="codeCadeau" size="15" type="text">
[-] SLQ Injection in <country>
<select name="country">
[-] Full PATH Disclosure:
[-> page_box.php] Var <module> :
http://[target]/page_box.php?module=%27
[-> page_box.php] Var <lang> :
http://[target]/page_box.php?lang=%27
[-> list.php] Var <target> :
http://[target]/list.php?target=%27
[-] Greetz to Darksky & litame
Contact at #hackbbs @ irc.2600.net
Enjoy.
Alz.