| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 12 Nov 2006 19:51:42 -0000 From: saps.audit@...il.com To: bugtraq@...urityfocus.com Subject: Mega Mall [ multiples injection sql & full path disclosure ] vendor site: http://products.kaonsoftwares.com/ product: mega-mall bug:injection sql & full path disclosure language: asp risk: high injection sql (get): http://site.com/mega-mall/product_review.php?t=[sql] http://site.com/mega-mall/product_review.php?t=0&productId=[sql] http://site.com/mega-mall/product_review.php?t=0&productId=1004&sk=[sql] http://site.com/mega-mall/product_review.php?t=0&productId=1004&t=0&x=[sql] http://site.com/mega-mall/product_review.php?t=0&productId=1004&sk=USERID&so=[sql] injection sql (post) : http://site.com/mega-mall/order-track.php Variables: /mega-mall/order-track.php?Enter=1&orderNo=[sql] full path dislosure: http://site.com/mega-mall/product_review.php?t=0&productId=1004&t=0&x[]= laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@...il.com
Powered by blists - more mailing lists