<<< Date Index >>>     <<< Thread Index >>>

FishCart [injection sql]



vendor site: http://fishcart.org/
product :fish cart
bug:injection sql
risk : medium

injection sql :
/display.php?cartid=200701210157208&zid=1&lid=1&olimit=5&cat=&key1=&nlst=y&olst='[sql]

( change the cartid value with yours )

laurent gaffie
http://s-a-p.ca/
contact: saps.audit@xxxxxxxxx