11 lines
No EOL
844 B
Text
Executable file
11 lines
No EOL
844 B
Text
Executable file
source: http://www.securityfocus.com/bid/13382/info
|
|
|
|
A remote SQL-injection vulnerability affects MetaCart2 because the application fails to properly sanitize user-supplied input before including it in SQL queries.
|
|
|
|
An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may allow the attacker to steal sensitive information, potentially including authentication credentials, and to corrupt data.
|
|
|
|
MetaCart2 is vulnerable; other versions may also be affected.
|
|
|
|
http://www.example.com/mcart2pfp/productsByCategory.asp?intCatalogID='SQL_INJECTION&%3bstrCatalog_NAME=Computers
|
|
http://www.example.com/mcart2pal/productsByCategory.asp?intCatalogID=%27SQL_INJECTION&%3bstrCatalog_NAME=Computers
|
|
http://www.example.com/mcart2sqluk/productsByCategory.asp?intCatalogID='SQL_INJECTION&%3bpage=2 |