eShopping Cart [injection sql]

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: eShopping Cart [injection sql]
From: saps.audit@xxxxxxxxx
Date: 14 Nov 2006 17:27:16 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

vendor site:http://www.enthrallweb.com/
product:eShopping Cart
bug:injection sql
risk:medium



injection sql :
http://site.com/reviews.asp?ProductID='[sql]
http://site.com/subProducts.asp?cat_id='[sql]
http://site.com/productdetail.asp?ProductID='[sql]
http://site.com/subProducts.asp?cat_id=27&sub_id='[sql]



laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@xxxxxxxxx

Prev by Date: Re: Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability
Next by Date: Whitepaper: Implementing and Detecting a PCI Rootkit
Previous by thread: Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )
Next by thread: Whitepaper: Implementing and Detecting a PCI Rootkit
Index(es):
- Date
- Thread