[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Full path disclosure and sql injection on CubeCart 2.0.1
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: Full path disclosure and sql injection on CubeCart 2.0.1
- From: <sculptex@xxxxxxxxxxxxxx>
- Date: 21 Oct 2004 22:59:10 -0000
In-Reply-To: <20041006144016.28823.qmail@xxxxxxxxxxxxxxxxxxxxx>
Solution
INSERT
if (!is_numeric($cat_id))
unset($cat_id);
BEFORE
include("header.inc.php");
IN
index.php