<<< Date Index >>>     <<< Thread Index >>>

A-Cart SQL Injection And Cross-Site Scripting



__________________________

A R I A - S E C U R I T Y 
___________________________
A-Cart SQL Injection And Cross-Site Scripting 
http://alanward.net

Cross Site Scripting:
http://localhost/path/error.asp?msg=XSS

SQL Injection:
http://localhost/path/product.asp?productid=' SQL COMMAND

Table Names are:
categories
customers
orderitems
orders
products
users (username,fullname,password,privileges)

Credits Goes To Aria-Security Team 
http://Aria-Security.Net
The-0utl4w