CoreCommerce suffers from a remote SQL injection vulnerability.
# Exploit Title : CoreCommerce SQL injection
# Date : 22/03/2012
# Author : ZeTH
# Contact : zeth/at/hacktheplan8/dot/com https://www.hacktheplan8.com
# Vendor : https://www.corecommerce.com
# Version : 3.0
# d0rk : intext:"Powered by Core-Commerce"
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
--[1]-- Introduction
CoreCommerce is a full-service shopping cart solution that makes it
easy for you to sell online. Choose from over 250 hand-crafted,
professionally made themes for your store to get the look that's just
right.
--[2]-- Vulnerability
File : index.php
Attack Method : remote SQL injection
POC : https://site/catalogue/index.php?id=SQLi
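Added example (not part of the original advisory, and not CoreCommerce code): a log check for requests to the script named in the PoC whose id value is not a plain integer. It assumes Common Log Format access logs, that the script is served at /catalogue/index.php as in the PoC URL, and that legitimate id values are decimal integers; the function name and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions: path taken from the PoC URL; legitimate ids are plain integers.
TARGET_PATH = "/catalogue/index.php"
VALID_ID = re.compile(r"[0-9]{1,10}")
# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_ids(log_lines):
    """Return (client_ip, decoded_id) for each request whose id is not an integer."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue  # not a parseable request line
        url = urlsplit(match.group(1))
        if url.path != TARGET_PATH:
            continue  # only the script named in the advisory
        # parse_qs percent-decodes values; keep_blank_values exposes "id=" too.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not VALID_ID.fullmatch(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [22/Mar/2012:10:01:02 +0000] '
    '"GET /catalogue/index.php?id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [22/Mar/2012:10:01:05 +0000] '
    '"GET /catalogue/index.php?id=42%27 HTTP/1.1" 500 310',
    '203.0.113.9 - - [22/Mar/2012:10:01:09 +0000] '
    '"GET /catalogue/index.php?id=7%20OR%201%3D1 HTTP/1.1" 200 88211',
    '198.51.100.7 - - [22/Mar/2012:10:02:00 +0000] '
    '"GET /about.php?id=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, value in suspicious_ids(SAMPLE_LOG):
        print(f"{ip} sent non-numeric id: {value!r}")
```

Log review only surfaces probing after the fact; the fix belongs in index.php, which should validate id and pass it to the database as a bound parameter.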
--[3]-- Greetz
MainHack Brotherhood, Kecoak Elektronik, Echo
Paman, Vrs-hCk, OoN_BoY, em|nem, [S]hiro, Martin, xshadow, ElDiablo,
Furkan, Pizzyroot, H312Y