OpenCart <= 1.5.6.1 - (openbay) Multiple SQL Injection

No description provided by source. Exploit Title : OpenCart = 1.5.6.1 SQL Injection Date : 2014/3/26 Exploit Author : Saadat Ullah ? [email protected] Software Link : http://www.opencart.com/index.php?route=download/download : https://github.com/opencart Software web : www.opencart.com...

OpenCart 1.5.6.1 SQL Injection

Exploit Title : OpenCart log'getEbayItemId - Product ID: '.$productid; $qry = $this-db-query"SELECT ebayitemid FROM " . DBPREFIX . "ebaylisting WHERE productid = '".$productid."' AND status = '1' LIMIT 1"; .............. Function is called on many locations and paramter is passed without santize...