Ecommerce Corporation Online Store Kit 3.0 shop.php cat Parameter SQL Injection

2004-02-18T00:00:00
ID EDB-ID:23718
Type exploitdb
Reporter G00db0y
Modified 2004-02-18T00:00:00

Description

Ecommerce Corporation Online Store Kit 3.0 shop.php cat Parameter SQL Injection. CVE-2004-0300. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/9687/info

It has been reported that Online Store Kit is prone to multiple SQL injection vulnerabilities. These issues arise due to insufficient sanitation of user-supplied input via the URI.

As a result of this a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It has been reported that an attacker may be able to disclose the administrator password hash by exploiting this issue.

http://www.example.com/directory/shop.php?cat=[query]