Speedy-Shop 2.0 CMS Blind SQL Injection Vulnerability

=====================================================
Speedy-Shop 2.0 CMS Blind SQL Injection Vulnerability
=====================================================


Vendor's Description of Software:
# http://www.speedy-shop.com/
 
 
Application Info:
# Name: Speedy-Shop 2.0
 
Vulnerability Info:
# Type: Blind SQL injection Vulnerability
# Risk: High
 
Fix:
# Fixed
 
Time Table:
# 17/05/2010 - Vendor notified.
 
The input passed via "idp" is not properly sanitised before being used in a sql query.
 
Solution:
 
# Input validation of "idp" parameter should be filtered.
 
 
Vulnerability:
# http://[site]/dettagli.asp?sid=NULL&idp=1+[BSQLi]
 

Credits:
# Discoverd By: Locu
# Website: http://xlocux.wordpress.com
# Contacts: xlocux[-at-]gmail.com
 
=============== { EOF } ================



#  0day.today [2018-02-05]  #