Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re:Re: SQL Injection Vuln In osCommerce 2.2-MS1

From: JeiAr <security () gulftech org>
Date: 16 Dec 2003 22:45:15 -0000
In-Reply-To: <20031215061530.20789.qmail () sf-www2-symnsj securityfocus com>

This vulnerability also exists in the account_edit_process.php and pretty much anywhere else you can input data into 
the country field by altering the form.

JeiAr



X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: JeiAr <security () gulftech org>
To: bugtraq () securityfocus com
Subject: RE: SQL Injection Vuln In osCommerce 2.2-MS1



Threw together a quick script that shop owners or admins can use to test whether or not they are vuln. Should be handy 
in cases where store owners are not sure what version they are running etc.

http://www.gulftech.org/vuln/ossqlin.txt
Previous By Date Next
Previous By Thread Next

Current thread: