NZ Ecommerce SQL&XSS vuln.

Vuln. discovered by : r0t Date: 2 march 2006 vendor: www.digitalbuilder.co.nz/ProductCodeNZEcommerce.asp affected version: latest Orginal advisory: http://pridels.blogspot.com/2006/03/nz-ecommerce-sqlxss-vuln.html 1.XSS Input passed to the "action" parameter in "index.php" isn't properly sanitise...