info
discussion
exploit
solution
references
QuickEStore InsertOrder.CFM SQL Injection Vulnerability
An attacker can exploit this issue through a browser.
The following exploit code is available:
http://www.example.com/insertorder.cfm?CFID=123&CFTOKEN=1[sql query]
Privacy Statement
Copyright 2010, SecurityFocus
