# Evatis Script SQL Injection Vulnerability
## Full Disclosure
#Exploit Title : Evatis Script SQL Injection Vulnerability
#Exploit Author : Dz MinD injector
#Date : 26/11/2015
#Home Page Link : http://www.evatis-dz.com
#Dork : Powered by Evatis Inurl:boutique
#Page Facebook : https://www.facebook.com/Hackers23Annaba
#Status : Not Patched
1. Description
The "id" field in /boutique/?p=produit&produit_categorie_id= is not properly sanitized, which leads to a SQL injection vulnerability.
2. Proof of Concept
http://localhost//boutique/?p=produit&produit_categorie_id=[Inject Here]
3. Demo:
http://www.mmXcd-dz.com/
http://www.promXedicum-dz.com/
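The flaw described in section 1 and the way to close it, as an added example that is not part of the original advisory and is not Evatis code: the unsanitized handling of produit_categorie_id sits beside a hardened form that validates the value as an integer and binds it as a query parameter. The table layout, function names and sample rows are assumptions constructed for illustration, with SQLite standing in for the shop's database.

```python
import sqlite3


def make_db():
    # Constructed sample data; the real Evatis schema is not shown in the advisory.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE produit (id INTEGER PRIMARY KEY, nom TEXT, categorie_id INTEGER)"
    )
    db.executemany(
        "INSERT INTO produit (nom, categorie_id) VALUES (?, ?)",
        [("stylo", 1), ("cahier", 1), ("clavier", 2)],
    )
    return db


def products_vulnerable(db, produit_categorie_id):
    # Flawed pattern: the request value is concatenated into the SQL text,
    # so any value that is not a plain number changes the query's structure.
    sql = "SELECT nom FROM produit WHERE categorie_id = " + produit_categorie_id
    return [row[0] for row in db.execute(sql)]


def parse_category_id(raw):
    # Allow-list validation: a short run of ASCII digits and nothing else.
    if not isinstance(raw, str) or not raw.isascii() or not raw.isdigit() or len(raw) > 9:
        raise ValueError("produit_categorie_id must be a positive integer")
    return int(raw)


def products_hardened(db, produit_categorie_id):
    # Validate first, then pass the value as a bound parameter so the driver
    # never interprets it as SQL, even if the validation is later relaxed.
    category = parse_category_id(produit_categorie_id)
    sql = "SELECT nom FROM produit WHERE categorie_id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (category,))]


if __name__ == "__main__":
    db = make_db()
    print(products_hardened(db, "1"))
    try:
        products_hardened(db, "1 OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)
```
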
# GreetZ ToO : Sige Dz - Dz Vatou - Kilwaa Dz & All Algeria HackerZ
#End