System Shop - 'Module aktka' SQL Injection

EDB-ID: 14985
CVE: N/A
Author: secret
Type: webapps
Platform: PHP
Date: 2010-09-12


  _____ ______ _____ _____  ______ _______ 
 / ____|  ____/ ____|  __ \|  ____|__   __|
| (___ | |__ | |    | |__) | |__     | |   
 \___ \|  __|| |    |  _  /|  __|    | |   
 ____) | |___| |____| | \ \| |____   | |   
|_____/|______\_____|_|  \_\______|  |_|   
                                           
                                           
# Exploit Title: System Shop SQL Injection - Module aktkat=
# Date: 12.09.2010
# Author: secret
# Software Link: www.system-shop.at
# Version: latest version
# Tested on: XP / Linux

#Dorks : inurl:"aktkat"  / "Powered by System Shop" / "System Shop" site:at

SQL Injection : 
===========================================================================================  

Simple error-based / normal SQL injection in the "aktkat=" parameter.

e.g. http://server/kn.php?aktkat=16 [SQL INJECTION] (columns vary)

NOT FIXED - 12.09.2010
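
Since the advisory lists the issue as unfixed, an operator can watch the web server logs for requests where `aktkat` is anything other than the plain integer shown in the example URL. The following is an added example, not code from the advisory or from System Shop; the combined-log format, the 9-digit limit, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Request line of a combined-format access log entry (format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
PARAM = "aktkat"   # parameter named in the advisory
MAX_DIGITS = 9     # assumption: category ids fit in a 32-bit integer

def check_target(target):
    """Return a reason if the aktkat value is suspicious, else None."""
    query = target.partition("?")[2]
    # parse_qs decodes names and values once, so "%61ktkat" also matches;
    # keep_blank_values makes an empty "aktkat=" visible.
    values = parse_qs(query, keep_blank_values=True).get(PARAM)
    if values is None:
        return None
    if len(values) > 1:
        return "parameter repeated"
    value = values[0]
    if value.isascii() and value.isdigit() and len(value) <= MAX_DIGITS:
        return None
    # Still holding %XX after one decode means the value was encoded twice.
    if unquote(value) != value:
        return "double-encoded value"
    return "not a plain integer"

def scan(lines):
    """Return (line_number, target, reason) for each flagged log line."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            reason = check_target(match.group(1))
            if reason:
                findings.append((number, match.group(1), reason))
    return findings

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Sep/2010:10:00:01 +0200] "GET /kn.php?aktkat=16 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [12/Sep/2010:10:00:05 +0200] "GET /kn.php?aktkat=16%27 HTTP/1.1" 200 312',
    '192.0.2.77 - - [12/Sep/2010:10:00:06 +0200] "GET /kn.php?aktkat=16%2527 HTTP/1.1" 200 312',
    '192.0.2.77 - - [12/Sep/2010:10:00:07 +0200] "GET /kn.php?aktkat=16&%61ktkat=x HTTP/1.1" 200 5120',
    '192.0.2.10 - - [12/Sep/2010:10:00:09 +0200] "GET /index.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, target, reason in scan(SAMPLE_LOG):
        print(f"line {number}: {reason}: {target}")
```

A flagged line is a lead for review rather than proof of compromise; the same allow-list test (digits only) is what a request filter in front of the application would enforce.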

--------------------------------------------------------------------------------

Greetz to all brothers & sisters who are fighting for freedom in IRAN...

God will help you

contact : secret_hf@hotmail.com