Pilot Cart V.7.2 [ injection sql (post) ]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Pilot Cart V.7.2 [ injection sql (post) ]
From: saps.audit@xxxxxxxxx
Date: 14 Nov 2006 18:45:02 -0000

vendor site:http://www.pilotcart.com/
product:Pilot Cart V.7.2
bug:injection sql
risk:high


injection sql(post) :
in the search engine:
http://site.com/pilot.asp?pg=search&mode=results
variables :
srch='[sql]&searchBy=Products


laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@xxxxxxxxx

Prev by Date: Storystream => 4.0 Remote File Include Vulnerability Exploit
Next by Date: [ MDKSA-2006:209 ] - Updated libpng packages fix vulnerabilities
Previous by thread: Storystream => 4.0 Remote File Include Vulnerability Exploit
Next by thread: [ MDKSA-2006:209 ] - Updated libpng packages fix vulnerabilities
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux