• info
• discussion
• exploit
• solution
• references

SAMEDIA Landshop Multiple SQL Injection Vulnerabilities

No exploit is required.

The following proof of concept URI are available:
http://www.example.com/ls.php?lang=en&action=list&start=[SQL]
http://www.example.com/ls.php?lang=en&action=list&start=0&CAT_ID=3&keyword=&search_area=&search_type=&infield=&search_order=[SQL]
http://www.example.com/ls.php?lang=en&action=list&start=0&CAT_ID=3&keyword=&search_area=&search_type=[SQL]
http://www.example.com/ls.php?lang=en&action=list&start=0&CAT_ID=3&keyword=[SQL]
http://www.example.com/ls.php?lang=en&action=list&start=0&CAT_ID=3&keyword=&search_area=[SQL]