Mega Mall [ multiple SQL injections & full path disclosure ]

2006-11-14T00:00:00
ID SECURITYVULNS:DOC:15022
Type securityvulns
Reporter Securityvulns
Modified 2006-11-14T00:00:00

Description

vendor site: http://products.kaonsoftwares.com/
product: mega-mall
bug: SQL injection & full path disclosure
language: asp (note: every affected script listed below is a .php file)
risk: high

SQL injection (GET), one injection point per line:

http://site.com/mega-mall/product_review.php?t=[sql]
http://site.com/mega-mall/product_review.php?t=0&productId=[sql]
http://site.com/mega-mall/product_review.php?t=0&productId=1004&sk=[sql]
http://site.com/mega-mall/product_review.php?t=0&productId=1004&t=0&x=[sql]
http://site.com/mega-mall/product_review.php?t=0&productId=1004&sk=USERID&so=[sql]

Note that sk and so are the sort key and sort order, i.e. they end up in an ORDER BY clause, where a prepared-statement placeholder cannot be used; those two parameters have to be validated against an allowlist rather than quoted.

SQL injection (POST): http://site.com/mega-mall/order-track.php
Variables: /mega-mall/order-track.php?Enter=1&orderNo=[sql]
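The injection points above all follow one pattern: a request parameter is pasted into the query text unchanged. The following is an added example, not code from the advisory or from Mega Mall, that reproduces that pattern against an in-memory SQLite table and puts the hardened form next to it. The table and column names (product_review, productId, USERID), the admin_user table and all rows are assumptions constructed for the example; only the parameter names come from the advisory. It also shows why the sk (sort key) parameter matters even though it never returns data directly: an ORDER BY expression is enough to extract a secret one bit per request.

```python
import sqlite3

# Constructed sample data standing in for the shop's review table. The table and
# column names are assumptions derived from the advisory's parameter names, not
# from Mega Mall's source.
SAMPLE_REVIEWS = [
    (1, 1004, "alice", 5, "great"),
    (2, 1004, "bob", 2, "meh"),
    (3, 2001, "carol", 4, "fine"),
]


def make_db():
    """Build an in-memory database with a review table and a secret to steal."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE product_review "
        "(id INTEGER, productId INTEGER, USERID TEXT, rating INTEGER, body TEXT)"
    )
    con.executemany("INSERT INTO product_review VALUES (?, ?, ?, ?, ?)", SAMPLE_REVIEWS)
    con.execute("CREATE TABLE admin_user (login TEXT, pass_hash TEXT)")  # assumed table
    con.execute("INSERT INTO admin_user VALUES ('admin', 'd41d8cd9')")
    return con


def reviews_vulnerable(con, product_id, sk="USERID", so="ASC"):
    """Mirror of the pattern behind productId=[sql]&sk=[sql]&so=[sql]:
    every request parameter is pasted into the SQL text unchecked."""
    sql = (
        "SELECT id, productId, USERID FROM product_review "
        f"WHERE productId = {product_id} ORDER BY {sk} {so}"
    )
    return con.execute(sql).fetchall()


def order_by_oracle(con, condition_sql):
    """Blind boolean inference through the sort key alone. When condition_sql is
    true the rows come back ordered by USERID (alice first); when false, by
    rating (bob first). Nothing from admin_user is ever printed, yet one bit of
    it leaks per request."""
    sk = f"(CASE WHEN ({condition_sql}) THEN USERID ELSE rating END)"
    rows = reviews_vulnerable(con, "1004", sk, "ASC")
    return rows[0][2] == "alice"


ALLOWED_SORT_KEYS = {"USERID", "rating", "id"}
ALLOWED_SORT_ORDERS = {"ASC", "DESC"}


def reviews_hardened(con, product_id, sk="USERID", so="ASC"):
    """productId is bound with a placeholder. sk/so feed ORDER BY, where
    placeholders are not permitted, so they are checked against an allowlist
    of column names and keywords instead of being quoted."""
    pid = int(product_id)  # "1004 OR 1=1" fails here with ValueError
    so = so.upper()
    if sk not in ALLOWED_SORT_KEYS or so not in ALLOWED_SORT_ORDERS:
        raise ValueError("invalid sort parameter")
    sql = (
        "SELECT id, productId, USERID FROM product_review "
        f"WHERE productId = ? ORDER BY {sk} {so}"
    )
    return con.execute(sql, (pid,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(reviews_vulnerable(db, "1004 OR 1=1"))  # every row, not just product 1004
    leak = "(SELECT substr(pass_hash, 1, 1) FROM admin_user) = 'd'"
    print(order_by_oracle(db, leak))  # True: first character of the hash is 'd'
    print(reviews_hardened(db, "1004", "rating", "desc"))
```

The same split applies to orderNo in order-track.php: a value that goes into a WHERE clause gets a placeholder, while anything that names a column or a keyword gets an allowlist.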

Full path disclosure: http://site.com/mega-mall/product_review.php?t=0&productId=1004&t=0&x[]=

Passing x[]= makes PHP deliver the parameter as an array; when the script then hands it to a function that expects a string, PHP emits a warning that, with display_errors enabled, contains the absolute path of the script on disk.
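An added helper, not part of the advisory, for confirming the disclosure from the response body: it pulls the absolute path and line number out of PHP diagnostics in both the HTML-decorated and plain-text forms, and checks that the diagnostic is the "array given" warning the x[]= probe triggers. The sample responses, paths and line numbers below are constructed for the example.

```python
import re

# Constructed response fragments of the kind PHP produces when display_errors is
# on and a script handles a parameter that arrived as an array (x[]=) as a string.
# The function names, paths and line numbers are made up for the example.
SAMPLE_HTML_RESPONSE = (
    "<html><body>\n"
    "<br />\n<b>Warning</b>:  trim() expects parameter 1 to be string, array given in "
    "<b>/var/www/html/mega-mall/product_review.php</b> on line <b>42</b><br />\n"
    "</body></html>\n"
)
SAMPLE_TEXT_RESPONSE = (
    "Warning: mysql_escape_string() expects parameter 1 to be string, array given "
    "in C:\\Inetpub\\wwwroot\\mega-mall\\product_review.php on line 42\n"
)

# Matches "<b>Warning</b>: msg in <b>/path/file.php</b> on line <b>N</b>" as well
# as the undecorated "Warning: msg in /path/file.php on line N"; Windows drive
# paths are accepted alongside absolute POSIX paths.
PHP_ERROR_RE = re.compile(
    r"(?:<b>)?(?P<level>Warning|Notice|Fatal error|Parse error)(?:</b>)?:\s+"
    r"(?P<msg>.*?) in (?:<b>)?(?P<path>(?:/|[A-Za-z]:\\)[^\s<]+)(?:</b>)?"
    r" on line (?:<b>)?(?P<line>\d+)"
)


def find_disclosed_paths(body):
    """Return (absolute path, line number) for every PHP diagnostic in a response."""
    return [(m.group("path"), int(m.group("line"))) for m in PHP_ERROR_RE.finditer(body)]


def probe_confirmed(body):
    """True when at least one diagnostic is the 'array given' warning that the
    x[]= probe provokes, as opposed to some unrelated notice on the page."""
    return any("array given" in m.group("msg") for m in PHP_ERROR_RE.finditer(body))


if __name__ == "__main__":
    for body in (SAMPLE_HTML_RESPONSE, SAMPLE_TEXT_RESPONSE):
        print(find_disclosed_paths(body), probe_confirmed(body))
```

Run the probe with the same parameters once as x= and once as x[]= and compare: a path that appears only in the second response is the disclosure, and its directory part is what the attacker learns.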

Laurent Gaffié & Benjamin Mossé
http://s-a-p.ca/
Contact: saps.audit@gmail.com