LandShop ls.php Multiple Variable SQL Injection

2006-11-09T08:33:53
ID OSVDB:30277
Type osvdb
Reporter OSVDB
Modified 2006-11-09T08:33:53

Description

Manual Testing Notes

http://[target]/PATH/action/ls.php?lang=en&action=list&start=[sql]
http://[target]/PATH/action/ls.php?lang=en&action=list&start=0&CAT_ID=1&keyword=&search_area=[sql]
http://[target]/PATH/action/ls.php?lang=en&action=list&start=0&CAT_ID=1&keyword=&search_area=&search_type=[sql]
http://[target]/PATH/action/ls.php?lang=en&action=list&start=20&CAT_ID=1&keyword=&search_area=&search_type=&search_order=[sql]

References:

Vendor URL: http://www.landshop.gr/
Secunia Advisory ID: 22784
Related OSVDB ID: 30276
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0145.html
ISS X-Force ID: 30164
FrSIRT Advisory: ADV-2006-4450
CVE-2006-5914
Bugtraq ID: 20989