##################################################################################################
#Exploit Title : Lively cart SQL Injection vulnerability
#Author        : Manish Kishan Tanwar AKA error1046
#Vendor Link   : http://codecanyon.net/item/livelycart-a-jquery-php-store-shop/5531393
#Date          : 18/06/2015
#Love to       : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kishan Singh and ritu rathi
#Discovered At : Indishell Lab
##################################################################################################

////////////////////////
/// Overview:
////////////////////////


Lively cart is shping cart script and search parameter(search_query) in not filtering user supplied data and hence affected from SQL injection vulnerability 

///////////////////////////////
// Vulnerability Description:
///////////////////////////////
vulnerability is due to search_query GET parameter 

////////////////
///  POC   ////
///////////////


http://SERVER/1.2.0/product/search?search_query='


                             --==[[ Greetz To ]]==--
############################################################################################
#Guru ji zero ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf indishell,Baba, 
#Silent poison India,Magnum sniper,ethicalnoob Indishell,Reborn India,L0rd Crus4d3r,cool toad,
#Hackuin,Alicks,mike waals,Suriya Prakash, cyber gladiator,Cyber Ace,Golden boy INDIA,
#Ketan Singh,AR AR,saad abbasi,Minhal Mehdi ,Raj bhai ji ,Hacking queen,lovetherisk,Bikash Dash
#############################################################################################
                             --==[[Love to]]==--
# My Father ,my Ex Teacher,cold fire hacker,Mannu, ViKi ,Ashu bhai ji,Soldier Of God, Bhuppi,
#Mohit,Ffe,Ashish,Shardhanand,Budhaoo,Jagriti,Salty and Don(Deepika kaushik)
                       --==[[ Special Fuck goes to ]]==--
                            <3  suriya Cyber Tyson <3