In-Reply-To: <20031215061530.20789.qmail (at) sf-www2-symnsj.securityfocus (dot) com [email concealed]>
This vulnerability also exists in the account_edit_process.php and pretty much anywhere else you can input data into the country field by altering the form.
>To: bugtraq (at) securityfocus (dot) com [email concealed]
>Subject: RE: SQL Injection Vuln In osCommerce 2.2-MS1
>
>
>
>Threw together a quick script that shop owners or admins can use to test whether or not they are vuln. Should be handy in cases where store owners are not sure what version they are running etc.
This vulnerability also exists in the account_edit_process.php and pretty much anywhere else you can input data into the country field by altering the form.
JeiAr
>X-Mailer: MIME-tools 5.411 (Entity 5.404)
>From: JeiAr <security (at) gulftech (dot) org [email concealed]>
>To: bugtraq (at) securityfocus (dot) com [email concealed]
>Subject: RE: SQL Injection Vuln In osCommerce 2.2-MS1
>
>
>
>Threw together a quick script that shop owners or admins can use to test whether or not they are vuln. Should be handy in cases where store owners are not sure what version they are running etc.
>
>http://www.gulftech.org/vuln/ossqlin.txt
>
[ reply ]