DUware DUpaypal Pro Multiple SQL Injection Vulnerabilities

No exploit is required.

The following proof-of-concept URIs are available:

http://www.example.com/DUpaypalPro/shops/cat.asp?iCat=[SQL Inject]
http://www.example.com/DUpaypalPro/shops/detail.asp?iPro=40[SQL Inject]&iSub=
http://www.example.com/DUpaypalPro/shops/sub.asp?iSub=[SQL Inject]
http://www.example.com/DUpaypalPro/admin/catEdit.asp?iCat=[SQL inject]


 

Privacy Statement
Copyright 2010, SecurityFocus