[Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection

2006-11-25T00:00:00
ID SECURITYVULNS:DOC:15213
Type securityvulns
Reporter Securityvulns
Modified 2006-11-25T00:00:00

Description

Aria-Security Team Advisory

www.Aria-security.Com (English)

www.Aria-Security.net (Persian)

Original Advisory:

http://www.aria-security.com/forum/showthread.php?t=42

-----------------------------------------------------------

Software: MidiCart ASP Shopping Cart

Method: SQL Injection And Cross Site Scripting

PoC:

http://target/path/item_show.asp?code_no=[SQL Injection]

http://target/path/item_show.asp?id2006quant=[SQL INJECTION]

http://target/path/item_list.asp?maingroup=[SQL INJECTION]

http://target/path/item_list.asp?maingroup=Something&secondgroup=[SQL INJECTION]

http://target/path/

Contact: Advisory@aria-security.net
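A defender running MidiCart can watch the pages and parameters listed in the PoC for SQL metacharacters in web server logs. The script below is an added example, not part of the original advisory or of MidiCart's code; the log field order, the sample log lines and the regex heuristic are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Pages and parameters named in the advisory's PoC list.
WATCHED = {
    "item_show.asp": {"code_no", "id2006quant"},
    "item_list.asp": {"maingroup", "secondgroup"},
}

# Assumed heuristic: quote/comment characters and a few SQL keywords.
# It will miss some probes and can flag odd but legitimate values.
SQL_META = re.compile(
    r"""['";]|--|/\*|\bunion\s+(all\s+)?select\b|\b(exec|declare|waitfor)\b""",
    re.IGNORECASE,
)

# Constructed sample lines in an assumed W3C-style field order.
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2006-11-25 10:00:01 192.0.2.10 GET /shop/item_show.asp code_no=1042 200",
    "2006-11-25 10:00:07 198.51.100.7 GET /shop/item_show.asp code_no=1042%27 500",
    "2006-11-25 10:00:09 198.51.100.7 GET /shop/item_list.asp "
    "maingroup=Something&secondgroup=a%27-- 500",
    "2006-11-25 10:00:12 192.0.2.10 GET /shop/default.asp - 200",
]

def suspicious_params(url):
    """Return sorted watched parameter names whose decoded value looks like SQL."""
    parts = urlsplit(url)
    page = parts.path.rsplit("/", 1)[-1].lower()
    watched = WATCHED.get(page, set())
    hits = set()
    # parse_qsl URL-decodes values, so %27 is matched as a single quote.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in watched and SQL_META.search(value):
            hits.add(name.lower())
    return sorted(hits)

def scan_log(lines):
    """Return (client_ip, uri_stem, flagged_params) for each suspicious request."""
    findings = []
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 6:
            continue  # skip directives and malformed lines
        _date, _time, client, _method, stem, query = fields[:6]
        flagged = suspicious_params(stem + "?" + query)
        if flagged:
            findings.append((client, stem, flagged))
    return findings
```

Flagged requests are leads for review, not proof of compromise; the fix for the flaw itself is parameterized queries in the affected pages.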