[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re:Re: SQL Injection Vuln In osCommerce 2.2-MS1

To: bugtraq@securityfocus.com
Subject: Re:Re: SQL Injection Vuln In osCommerce 2.2-MS1
From: JeiAr <security@gulftech.org>
Date: 16 Dec 2003 22:45:15 -0000

In-Reply-To: <20031215061530.20789.qmail@sf-www2-symnsj.securityfocus.com>

This vulnerability also exists in the account_edit_process.php and pretty much 
anywhere else you can input data into the country field by altering the form.

JeiAr


>X-Mailer: MIME-tools 5.411 (Entity 5.404)
>From: JeiAr <security@gulftech.org>
>To: bugtraq@securityfocus.com
>Subject: RE: SQL Injection Vuln In osCommerce 2.2-MS1
>
>
>
>Threw together a quick script that shop owners or admins can use to test 
>whether or not they are vuln. Should be handy in cases where store owners are 
>not sure what version they are running etc.
>
>http://www.gulftech.org/vuln/ossqlin.txt
>

Prev by Date: RE: Self-signed certs unrestricted in Windows XP
Next by Date: Re: Self-signed certs unrestricted in Windows XP
Previous by thread: RE: SQL Injection Vuln In osCommerce 2.2-MS1
Next by thread: Buffer overflow/privilege escalation in MacOS X
Index(es):
- Date
- Thread