
# Title : System Shop (Module aktkat) SQL Injection Vulnerability
# Published : 2010-09-12
# Author : secret


# Exploit Title: System Shop SQL Injection - Module aktkat=
# Date: 12.09.2010
# Author: secret
# Software Link: www.system-shop.at
# Version: latest version
# Tested on: XP / Linux

#Dorks : inurl:"aktkat"  / "Powered by System Shop" / "System Shop" site:at

SQL Injection : 
===========================================================================================  

Simple Error Based / Normal SQL Injection in "aktkat="

e.g. http://server/kn.php?aktkat=16 [SQL INJECTION] / columns vary..

NOT FIXED - 12.09.2010
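
Added example (not part of the original advisory and not System Shop code): a log check a site operator could run while the issue is unfixed. It assumes "aktkat" is a numeric category id, as in the sample URL above, and that the web server writes common/combined-format access logs; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; addresses, paths and values are made up for the example.
SAMPLE_LOG = '''\
192.0.2.10 - - [12/Sep/2010:10:00:01 +0200] "GET /kn.php?aktkat=16 HTTP/1.1" 200 5120
192.0.2.44 - - [12/Sep/2010:10:00:07 +0200] "GET /kn.php?aktkat=16%27 HTTP/1.1" 200 812
192.0.2.44 - - [12/Sep/2010:10:00:09 +0200] "GET /kn.php?aktkat=16&aktkat=x HTTP/1.1" 200 640
192.0.2.10 - - [12/Sep/2010:10:00:12 +0200] "GET /index.php?page=2 HTTP/1.1" 200 2048
192.0.2.51 - - [12/Sep/2010:10:00:15 +0200] "GET /shop/kn.php?lang=de&aktkat= HTTP/1.1" 200 700
'''

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ID_RE = re.compile(r'[0-9]{1,9}')  # allow-list (assumption): id is a short decimal number

def suspicious_aktkat(log_text):
    """Return (client, decoded_values) for kn.php requests whose aktkat is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith('/kn.php'):
            continue
        # parse_qs URL-decodes values; keep_blank_values makes an empty "aktkat=" visible.
        values = parse_qs(url.query, keep_blank_values=True).get('aktkat')
        if values is None:
            continue
        # A repeated parameter is flagged as well: the application and any
        # upstream filter may not read the same copy.
        if len(values) != 1 or not ID_RE.fullmatch(values[0]):
            hits.append((client, values))
    return hits

if __name__ == '__main__':
    for client, values in suspicious_aktkat(SAMPLE_LOG):
        print(client, values)
```

Access logs only record the query string, so a value sent in a POST body is not visible to this check. The same integer allow-list, together with a parameterized query, is what the application itself should enforce on "aktkat".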

--------------------------------------------------------------------------------

Greetz to all brothers & sisters who are fighting for freedom in IRAN...

contact : secret_hf@hotmail.com