System Shop SQL Injection

2010-09-13T00:00:00
ID PACKETSTORM:93752
Type packetstorm
Reporter secret
Modified 2010-09-13T00:00:00

Description

                                        
                                            ` _____ ______ _____ _____ ______ _______  
/ ____| ____/ ____| __ \| ____|__ __|  
| (___ | |__ | | | |__) | |__ | |   
\___ \| __|| | | _ /| __| | |   
____) | |___| |____| | \ \| |____ | |   
|_____/|______\_____|_| \_\______| |_|   
  
  
# Exploit Title: System Shop SQL Injection - Module aktkat=  
# Date: 12.09.2010  
# Author: secret  
# Software Link: www.system-shop.at  
# Version: latest version  
# Tested on: XP / Linux  
  
#Dorks : inurl:"aktkat" / "Powered by System Shop" / "System Shop" site:at  
  
SQL Injection :  
===========================================================================================   
  
Simple Error Based / Normal SQL Injection in "aktkat="  
  
e.g. http://server/kn.php?aktkat=16 [SQL INJECTION] / columns vary..  
  
NOT FIXED - 12.09.2010  
  
--------------------------------------------------------------------------------  
  
Greetz to all brothers & sisters who are fighting for freedom in IRAN...  
  
خدا شما کمک خواهد کرد  
  
contact : secret_hf@hotmail.com  
  
  
`