Home page logo
/

bugtraq logo Bugtraq mailing list archives

A-Cart SQL Injection And Cross-Site Scripting
From: Advisory () Aria-Security Net, "[ NO REPLY ]"@securityfocus.com
Date: 19 Oct 2007 02:49:10 -0000

__________________________

A R I A - S E C U R I T Y 
___________________________
A-Cart SQL Injection And Cross-Site Scripting 
http://alanward.net

Cross Site Scripting:
http://localhost/path/error.asp?msg=XSS

SQL Injection:
http://localhost/path/product.asp?productid=' SQL COMMAND

Table Names are:
categories
customers
orderitems
orders
products
users (username,fullname,password,privileges)

Credits Goes To Aria-Security Team 
http://Aria-Security.Net
The-0utl4w


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]