2DayBiz Multiple SQL Injection

EDB-ID: 14048 CVE: 2010-2691 OSVDB-ID: 65824...
Verified: Author: Sangteamtham Published: 2010-06-25
Download Exploit: Source Raw Download Vulnerable App: N/A
$-------------------------------------------------------------------------------------------------------------------
$ 2daybiz custom T-shirt SQL Injection and Cross Site Scripting
Vulnerabilities
$ Author : Sangteamtham
$ Home : Hcegroup.net
$ Download :http://www.2daybiz.com/customt-shirt_designscript.html
$ Date :06/25/2010
$
$******************************************************************************************
$Exploit:
$
$ 1.SQL injection:
$
$ http://server/products_details.php?sbid=[id number]
$ http://server/products/products.php?pid=[id number]
$ http://server/designview.php?designid=[id number]
$
$
$
$
$******************************************************************************************
$ Greetz to: All Vietnamese hackers and Hackers out there researching for
more security
$
$
$--------------------------------------------------------------------------------------------------------------------