ZoGo-Shop e107 plugin 1.15.4 - SQL Injection Vuln


[o] ZoGo-Shop e107 plugins 1.15.4 SQL Injection Vulnerability

Software : ZoGo-Shop plugins version 1.15.4
Vendor : http://e107.org/
Download : http://plugins.e107.org/e107_plugins/psilo/psilo.php?artifact.89
Author : NoGe


[o] Vulnerable file
e107_plugins/zogo-shop/product_details.php
$product_ID=$_GET["product"];


[o] Exploit
http://localhost/[path]/e107_plugins/zogo-shop/product_details.php?product=[SQL]


[o] Dork
"Powered by ZoGo-Shop" or "e107_plugins/zogo-shop/product_details.php"