CyberStrong EShop 4.2 10browse.ASP SQL Injection Vulnerability

2005-06-30T00:00:00
ID EDB-ID:25925
Type exploitdb
Reporter aresu@bosen.net
Modified 2005-06-30T00:00:00

Description

CyberStrong EShop 4.2 10browse.ASP SQL Injection Vulnerability. Webapps exploit for asp platform

                                        
                                            source: http://www.securityfocus.com/bid/14112/info

CyberStrong eShop is prone to an SQL injection vulnerability. As a result, the attacker may modify the structure and logic of an SQL query that is made by the application. The attacker may accomplish this by passing malicious SQL syntax to the vulnerable '10browse.asp' script.

It is reported that the attacker may steal eShop authentication information. Other attacks may be possible depending on the capabilities of the underlying database and the nature of the affected query. 

http://www.example.com/eshop/10browse.asp?ProductCode='