Re:Re: SQL Injection Vuln In osCommerce 2.2-MS1



In-Reply-To: <20031215061530.20789.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>

This vulnerability also exists in the account_edit_process.php and pretty much 
anywhere else you can input data into the country field by altering the form.

JeiAr


>X-Mailer: MIME-tools 5.411 (Entity 5.404)
>From: JeiAr <security@xxxxxxxxxxxx>
>To: bugtraq@xxxxxxxxxxxxxxxxx
>Subject: RE: SQL Injection Vuln In osCommerce 2.2-MS1
>
>
>
>Threw together a quick script that shop owners or admins can use to test 
>whether or not they are vuln. Should be handy in cases where store owners are 
>not sure what version they are running etc.
>
>http://www.gulftech.org/vuln/ossqlin.txt
>