• info
• discussion
• exploit
• solution
• references

CartWIZ SearchResults.ASP PriceFrom Argument SQL Injection Vulnerability

No exploit is required.

The following proof of concept is available:
http://www.example.com/store/searchResults.asp?name=&idCategory=&sku=&priceFrom=[SQL]&priceTo=9999999999&validate=1