[*] Exploit Title: WTK Network 1.6.5 Sql injection Vulnerability [*] Google Dork: allinurl: "product.php?cat_id=" [*] Date: april, 11, 2015 [*] Exploit Author: ali ahmady From Iran [*] Vendor Homepage: http://wtksoftware.com/ [*] Software Link: http://wtksoftware.com/clients/cart.php [*] Version: 1.6.5 [*] Tested on: Linux [*] demo : http://wtkdemo.com/unilevel_165_demo1/product.php?cat_id=1 AnD (true or false here) WTK Network shopping CMS suffers from a Blind sql injection vulnerability site.com/path/product.php?cat_id=BSQLi proof: http://i.cubeupload.com/qQrf6D.png http://i.cubeupload.com/hsQ70A.png YT : https://www.youtube.com/watch?v=4_MaVRHLY94 Greets : VIRkid, Phantom_x, b0x