BugTraq
Back to list
|
Post reply
Mega Mall [ multiples injection sql & full path disclosure ]
Nov 12 2006 07:51PM
saps audit gmail com
vendor site: http://products.kaonsoftwares.com/
product: mega-mall
bug:injection sql & full path disclosure
language: asp
risk: high
injection sql (get):
http://site.com/mega-mall/product_review.php?t=[sql]
http://site.com/mega-mall/product_review.php?t=0&productId=[sql]
http://site.com/mega-mall/product_review.php?t=0&productId=1004&sk=[sql]
http://site.com/mega-mall/product_review.php?t=0&productId=1004&t=0&x=[s
ql]
http://site.com/mega-mall/product_review.php?t=0&productId=1004&sk=USERI
D&so=[sql]
injection sql (post) :
http://site.com/mega-mall/order-track.php
Variables:
/mega-mall/order-track.php?Enter=1&orderNo=[sql]
full path dislosure:
http://site.com/mega-mall/product_review.php?t=0&productId=1004&t=0&x[]=
laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit (at) gmail (dot) com [email concealed]
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
product: mega-mall
bug:injection sql & full path disclosure
language: asp
risk: high
injection sql (get):
http://site.com/mega-mall/product_review.php?t=[sql]
http://site.com/mega-mall/product_review.php?t=0&productId=[sql]
http://site.com/mega-mall/product_review.php?t=0&productId=1004&sk=[sql]
http://site.com/mega-mall/product_review.php?t=0&productId=1004&t=0&x=[s
ql]
http://site.com/mega-mall/product_review.php?t=0&productId=1004&sk=USERI
D&so=[sql]
injection sql (post) :
http://site.com/mega-mall/order-track.php
Variables:
/mega-mall/order-track.php?Enter=1&orderNo=[sql]
full path dislosure:
http://site.com/mega-mall/product_review.php?t=0&productId=1004&t=0&x[]=
laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit (at) gmail (dot) com [email concealed]
[ reply ]