Exploit eCommerce Corporation Online Store Kit 3.0 - 'shop_by_brand.php?cat_manufacturer' SQL Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
23719
Проверка EDB
  1. Пройдено
Автор
G00DB0Y
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2004-0300
Дата публикации
2004-02-18
Код:
source: https://www.securityfocus.com/bid/9687/info
 
It has been reported that Online Store Kit is prone to multiple SQL injection vulnerabilities. These issues arise due to insufficient sanitation of user-supplied input via the URI.
 
As a result of this a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It has been reported that an attacker may be able to disclose the administrator password hash by exploiting this issue.

http://www.example.com/directory/lite/shop_by_brand.php?cat_manufacturer=[query]
 
Источник
www.exploit-db.com

Похожие темы