MultiCart search.php ddlCategory Variable SQL Injection

2007-10-02T00:00:00
ID OSVDB:39896
Type osvdb
Reporter OSVDB
Modified 2007-10-02T00:00:00

Description

Manual Testing Notes

http://[target]/search.php?chkProductName=on&chkIncludeSubcategories=on&sd=1&txtSearch=&ddlCategory=1AND 1=2

References:

Vendor URL: http://www.iscripts.com/multicart/
Related OSVDB ID: 39897
ISS X-Force ID: 36927
Generic Exploit URL: http://www.milw0rm.com/exploits/4480
CVE-2007-5261
Bugtraq ID: 25895