##################################################################################################
#Exploit Title : Lively cart SQL Injection vulnerability
#Author : Manish Kishan Tanwar AKA error1046
#Vendor Link : http://codecanyon.net/item/livelycart-a-jquery-php-store-shop/5531393
#Date : 18/06/2015
#Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kishan Singh and ritu rathi
#Discovered At : Indishell Lab
##################################################################################################
////////////////////////
/// Overview:
////////////////////////
Lively cart is shping cart script and search parameter(search_query) in not filtering user supplied data and hence affected from SQL injection vulnerability
///////////////////////////////
// Vulnerability Description:
///////////////////////////////
vulnerability is due to search_query GET parameter
////////////////
/// POC ////
///////////////
http://SERVER/1.2.0/product/search?search_query='
--==[[ Greetz To ]]==--
############################################################################################
#Guru ji zero ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf indishell,Baba,
#Silent poison India,Magnum sniper,ethicalnoob Indishell,Reborn India,L0rd Crus4d3r,cool toad,
#Hackuin,Alicks,mike waals,Suriya Prakash, cyber gladiator,Cyber Ace,Golden boy INDIA,
#Ketan Singh,AR AR,saad abbasi,Minhal Mehdi ,Raj bhai ji ,Hacking queen,lovetherisk,Bikash Dash
#############################################################################################
--==[[Love to]]==--
# My Father ,my Ex Teacher,cold fire hacker,Mannu, ViKi ,Ashu bhai ji,Soldier Of God, Bhuppi,
#Mohit,Ffe,Ashish,Shardhanand,Budhaoo,Jagriti,Salty and Don(Deepika kaushik)
--==[[ Special Fuck goes to ]]==--
<3 suriya Cyber Tyson <3
