Ecommerce Corporation Online Store Kit 3.0 More.PHP id Parameter SQL Injection

2003-02-17T00:00:00
ID EDB-ID:23711
Type exploitdb
Reporter David Sopas Ferreira
Modified 2003-02-17T00:00:00

Description

Ecommerce Corporation Online Store Kit 3.0 More.PHP id Parameter SQL Injection. CVE-2004-0300. Webapps exploit for the PHP platform.

                                        
source: http://www.securityfocus.com/bid/9676/info

Multiple vulnerabilities have been identified in the software due to improper sanitization of user-supplied input. Successful exploitation of these issues could allow an attacker to carry out cross-site scripting and SQL injection attacks via the 'id' parameter of the 'more.php' script.

Online Store Kit version 3.0 has been reported to be prone to these issues.

more.php?id='[SQL injection here]&
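
The mitigation for both issue classes named above, as an added example that is not code from Online Store Kit or from the original advisory: a handler that validates 'id' as an integer, binds it as a query parameter, and HTML-encodes its output. The function name `render_product`, the `products` table and its columns, and the sample data are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened handler for a more.php-style product page.
// Table and column names (products, id, name) are assumptions, not taken from
// Online Store Kit.

function render_product(PDO $db, array $query): array
{
    // 1. Accept only a positive integer id. Quotes, markup or a missing value
    //    are rejected before they reach the SQL layer or the response body.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, '<p>Invalid product id.</p>'];
    }

    // 2. Bind the value as a typed parameter; never concatenate it into SQL text.
    $stmt = $db->prepare('SELECT id, name FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return [404, '<p>Product not found.</p>'];
    }

    // 3. HTML-encode everything written into the page, database values included.
    $name = htmlspecialchars($row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return [200, "<h1>{$name}</h1><p>Item #{$id}</p>"];
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO products VALUES (1, 'Mug <b>large</b>')");

// Constructed requests: a valid id, a quote-prefixed value as in the advisory's
// request pattern, and a request with no id at all.
foreach ([['id' => '1'], ['id' => "'1"], []] as $query) {
    [$status, $body] = render_product($db, $query);
    echo $status, ' ', $body, PHP_EOL;
}
```

Integer validation alone closes both issues for a numeric key; the bound parameter and output encoding remain as independent layers in case the validation is later loosened.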