[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A-Cart SQL Injection And Cross-Site Scripting

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: A-Cart SQL Injection And Cross-Site Scripting
From: Advisory@xxxxxxxxxxxxxxxxx, "[ NO REPLY ]"@securityfocus.com
Date: 19 Oct 2007 02:49:10 -0000

__________________________

A R I A - S E C U R I T Y 
___________________________
A-Cart SQL Injection And Cross-Site Scripting 
http://alanward.net

Cross Site Scripting:
http://localhost/path/error.asp?msg=XSS

SQL Injection:
http://localhost/path/product.asp?productid=' SQL COMMAND

Table Names are:
categories
customers
orderitems
orders
products
users (username,fullname,password,privileges)

Credits Goes To Aria-Security Team 
http://Aria-Security.Net
The-0utl4w

Prev by Date: [SECURITY] [DSA 1390-1] New t1lib packages fix arbitrary code execution
Next by Date: [CAID 35754]: CA Host-Based Intrusion Prevention System (CA HIPS) Server Vulnerability
Previous by thread: [SECURITY] [DSA 1390-1] New t1lib packages fix arbitrary code execution
Next by thread: Re: A-Cart SQL Injection And Cross-Site Scripting
Index(es):
- Date
- Thread