Ecommerce Corporation Online Store Kit Multiple SQL Injection Vulnerabilities

No exploit is required to leverage this issue. The following proof of concept has been provided:

http://www.example.com/directory/shop.php?cat=[query]
http://www.example.com/directory/lite/shop_by_brand.php?cat_manufacturer=[query]
http://www.example.com/directory/listing.php?id=[query]


 

Privacy Statement
Copyright 2010, SecurityFocus