Re:Re: SQL Injection Vuln In osCommerce 2.2-MS1

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re:Re: SQL Injection Vuln In osCommerce 2.2-MS1
From: JeiAr <security@xxxxxxxxxxxx>
Date: 16 Dec 2003 22:45:15 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

In-Reply-To: <20031215061530.20789.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>

This vulnerability also exists in the account_edit_process.php and pretty much 
anywhere else you can input data into the country field by altering the form.

JeiAr


>X-Mailer: MIME-tools 5.411 (Entity 5.404)
>From: JeiAr <security@xxxxxxxxxxxx>
>To: bugtraq@xxxxxxxxxxxxxxxxx
>Subject: RE: SQL Injection Vuln In osCommerce 2.2-MS1
>
>
>
>Threw together a quick script that shop owners or admins can use to test 
>whether or not they are vuln. Should be handy in cases where store owners are 
>not sure what version they are running etc.
>
>http://www.gulftech.org/vuln/ossqlin.txt
>

Prev by Date: [RHSA-2003:320-01] Updated httpd packages fix Apache security vulnerabilities
Next by Date: Re: Self-signed certs unrestricted in Windows XP
Previous by thread: RE: SQL Injection Vuln In osCommerce 2.2-MS1
Next by thread: re:Breaking the checksum (a new TCP/IP blind data injection technique
Index(es):
- Date
- Thread