Related information Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection E-commerce Kit 1 PayPal Edition [ injection sql ] TorrentFlux 2.2 Arbitrary File Creation/Overwrite/De letion & Command Execution Vulnerablities Bloo => 1.00 Cross Site Scripting From:laurent gaffié <saps.audit_(at)_gmail.com> Date:16.11.2006Subject:MetaCart e-Shop [multiples injection sql (get & post)]vendor site:http://metalinks.com/ product:MetaCart e-Shop bug:injection sql risk:medium injection sql (get) : http://site.com/metacart/productsByCategory.asp?intCatalogID='[sql] http://site.com/metacart/product.asp?intProdID='[sql] injection sql(post) : 1 )http://site.com/metacart/searchAction.asp variables : /metacart/searchAction.asp?chkText=yes&strText='[sql] 2)http://site.com/metacart/searchAction.asp variables : /metacart/searchAction.asp?chkText=yes&strText=1&chkPrice=yes&chkCat=yes&sub mit1=Submit&intPrice='[sql] 3)http://site.com/metacart/searchAction.asp variables : /metacart/searchAction.asp?chkText=yes&strText=1&chkPrice=yes&chkCat=yes&sub mit1=Submit&intPrice=all&strCat='[sql] laurent gaffie & benjamin mosse http://s-a-p.ca/ contact: saps.audit@gmail.com
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection
E-commerce Kit 1 PayPal Edition [ injection sql ]
TorrentFlux 2.2 Arbitrary File Creation/Overwrite/De letion & Command Execution Vulnerablities
Bloo => 1.00 Cross Site Scripting
