acart-sqlxss.txt

2007-10-22T00:00:00
ID PACKETSTORM:60269
Type packetstorm
Reporter Outlaw
Modified 2007-10-22T00:00:00

Description

                                        
                                            `__________________________  
  
A R I A - S E C U R I T Y   
___________________________  
A-Cart SQL Injection And Cross-Site Scripting   
http://alanward.net  
  
Cross Site Scripting:  
http://localhost/path/error.asp?msg=XSS  
  
SQL Injection:  
http://localhost/path/product.asp?productid=' SQL COMMAND  
  
Table Names are:  
categories  
customers  
orderitems  
orders  
products  
users (username,fullname,password,privileges)  
  
Credits go to the Aria-Security Team  
http://Aria-Security.Net  
The-0utl4w  
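For defenders reviewing web server logs, the following added example (not part of the original advisory and not A-Cart code) flags requests to the two parameters named above: `productid` on `product.asp` and `msg` on `error.asp`. The log layout, the sample lines, and the rule that legitimate product ids are plain integers are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample lines: "<client-ip> <request-uri>" (assumed layout).
SAMPLE_LOG = [
    "192.0.2.10 /shop/product.asp?productid=42",
    "192.0.2.11 /shop/product.asp?productid=42%27",
    "192.0.2.12 /shop/error.asp?msg=Item+not+found",
    "192.0.2.13 /shop/error.asp?msg=%253Cb%253Etest",
    "192.0.2.14 /shop/Product.asp?ProductID=abc",
]

NUMERIC_ID = re.compile(r"[0-9]{1,10}")           # assumption: ids are integers
MARKUP = re.compile(r'[<>"]|javascript:', re.I)   # characters that enable HTML injection

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (bounded) so %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(request_uri):
    """Return the set of findings for one logged request URI."""
    parts = urlsplit(request_uri)
    page = parts.path.rsplit("/", 1)[-1].lower()  # IIS paths are case-insensitive
    findings = set()
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(raw)
        name = name.lower()
        if page == "product.asp" and name == "productid":
            if not NUMERIC_ID.fullmatch(value):
                findings.add("sqli-productid")
        elif page == "error.asp" and name == "msg":
            if MARKUP.search(value):
                findings.add("xss-msg")
    return findings

def scan(lines):
    """Return (client_ip, findings) for every line that trips a rule."""
    hits = []
    for line in lines:
        ip, uri = line.split(None, 1)
        found = classify(uri.strip())
        if found:
            hits.append((ip, sorted(found)))
    return hits
```

The same two checks translate directly into the fix on the application side: accept `productid` only as an integer and bind it as a query parameter, and HTML-encode `msg` before writing it into the error page.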