[*] Exploit Title: WTK Network Sql injection Vulnerability
[*] Google Dork: allinurl: "product.php?cat_id="
[*] Date: april, 11, 2015
[*] Exploit Author: ali ahmady From Iran
[*] Vendor Homepage: http://wtksoftware.com/
[*] Software Link: http://wtksoftware.com/clients/cart.php
[*] Version: 1.6.5
[*] Tested on: Linux
[*] demo : http://wtkdemo.com/unilevel_165_demo1/product.php?cat_id=1 AnD (true or false here)

WTK Network shopping CMS suffers from a Blind sql injection vulnerability 

site.com/path/product.php?cat_id=BSQLi


proof:  http://i.cubeupload.com/qQrf6D.png
    http://i.cubeupload.com/hsQ70A.png

Greets : VIRkid, Phantom_x, b0x