[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

prestashop vuln: sql injection submitted to bugtraq@xxxxxxxxxxxxxxxxx

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: prestashop vuln: sql injection submitted to bugtraq@xxxxxxxxxxxxxxxxx
From: "Antonio S.M" <antonio_s_martino@xxxxxxxx>
Date: Fri, 25 Feb 2011 06:44:07 +0000 (GMT)

Hello,
I am Antonio San Martino, i write you to incloude this sql injection 
vulnerabilities in your database. The vulnerable version is prestashop 1.3.3 
and 
is vulnerable to sql injection

 Vulnerable software and vendor: Prestashop,  verion: 1.3.3 - 0.246s 


Sql Injection Vulnerabilities

 Vulnerable File  Vulnerable Field 
 category.php     id_category
 cart.php            id_product
 product.php       id_product



 Vulnerability  details:  just inject ' and you get sql eror 

Thanks so much.
Kind Regards

Prev by Date: Linksys Cisco Wag120N CSRF Vulnerability
Next by Date: [BMSA-2011-01] Insecure secure cookie in web.go
Previous by thread: Re: Linksys Cisco Wag120N CSRF Vulnerability
Next by thread: [BMSA-2011-01] Insecure secure cookie in web.go
Index(es):
- Date
- Thread