Bugtraq mailing list archives
MetaCart e-Shop [multiples injection sql (get & post)]
From: saps.audit () gmail com
Date: 14 Nov 2006 18:18:45 -0000
vendor site:http://metalinks.com/ product:MetaCart e-Shop bug:injection sql risk:medium injection sql (get) : http://site.com/metacart/productsByCategory.asp?intCatalogID='[sql] http://site.com/metacart/product.asp?intProdID='[sql] injection sql(post) : 1 )http://site.com/metacart/searchAction.asp variables : /metacart/searchAction.asp?chkText=yes&strText='[sql] 2)http://site.com/metacart/searchAction.asp variables : /metacart/searchAction.asp?chkText=yes&strText=1&chkPrice=yes&chkCat=yes&sub mit1=Submit&intPrice='[sql] 3)http://site.com/metacart/searchAction.asp variables : /metacart/searchAction.asp?chkText=yes&strText=1&chkPrice=yes&chkCat=yes&sub mit1=Submit&intPrice=all&strCat='[sql] laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit () gmail com
Current thread:
- MetaCart e-Shop [multiples injection sql (get & post)] saps . audit (Nov 16)