The 'Demo Store' version of the AFCommerce Shopping Cart (www.afcommerce.com) is vulnerable to both SQL Injection and Cross-Site Scripting (XSS).
SQL Injection can be tested by inserting the classic 'or 1=1-- into the search field. The result is that the first record is returned. We can also pe...
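The behaviour described above (a search term of 'or 1=1-- returning the first record) is what happens when the search field is spliced straight into a LIKE clause. The following is an added illustration, not AFCommerce's own code; it assumes the demo store's search builds its query by string concatenation (the page does not show the source) and uses a constructed three-row product table in an in-memory SQLite database. It shows the vulnerable lookup beside a parameterized version that also neutralises LIKE wildcards in the user's input.

```python
import sqlite3

# Constructed sample catalogue standing in for the store's product table.
PRODUCTS = [
    (1, "Blue Widget", "A blue widget"),
    (2, "Red Gadget", "A red gadget"),
    (3, "Green Gizmo", "A green gizmo"),
]


def make_db():
    """Create an in-memory database with the constructed product rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    return conn


def build_vulnerable_sql(term):
    """The assumed flawed pattern: the raw search term is concatenated into the query."""
    return "SELECT id, name FROM products WHERE name LIKE '%" + term + "%'"


def search_vulnerable(conn, term):
    """Return the first matching product, or None.

    With the term  ' or 1=1--  the WHERE clause becomes
    name LIKE '%' or 1=1  (the rest is commented out), so every row matches
    and the first record in the table comes back, as the advisory observes.
    """
    return conn.execute(build_vulnerable_sql(term)).fetchone()


def escape_like(term):
    """Escape LIKE metacharacters so user input matches literally.

    Parameterization stops injection, but a bare % or _ in the input would
    still act as a wildcard; escaping them closes that remaining gap.
    """
    return (
        term.replace("\\", "\\\\")
        .replace("%", "\\%")
        .replace("_", "\\_")
    )


def search_parameterized(conn, term):
    """Hardened lookup: the term travels as a bound parameter, never as SQL."""
    sql = "SELECT id, name FROM products WHERE name LIKE ? ESCAPE '\\' ORDER BY id"
    pattern = "%" + escape_like(term) + "%"
    return conn.execute(sql, (pattern,)).fetchone()


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1--"
    print("vulnerable SQL   :", build_vulnerable_sql(payload))
    print("vulnerable result:", search_vulnerable(db, payload))
    print("hardened result  :", search_parameterized(db, payload))
```

Running the block prints the concatenated query so the comment-truncated WHERE clause is visible, then shows that the parameterized lookup returns nothing for the same input because no product name literally contains it. The same search term is also reflected back into the results page, which is where the XSS the advisory mentions would arise; the corresponding fix on the output side is to pass it through html.escape before it reaches the HTML.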