Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
A-Cart pro[ injection sql (post&get)] Nov 14 2006 07:55PM
saps audit gmail com
vendor site:http://www.alanward.net/
product:A-Cart pro
bug:injection sql
risk:medium

injection sql (get) :
/category.asp?catcode='[sql]
/product.asp?productid='[sql]

injection sql (post) :

http://site.com/search.asp
Variables:
/search.asp?search='[sql]
( or just post your query in the search ...

[ more ]  




 

Privacy Statement
Copyright 2008, SecurityFocus