Bugtraq mailing list archives
Re:Re: SQL Injection Vuln In osCommerce 2.2-MS1
From: JeiAr <security () gulftech org>
Date: 16 Dec 2003 22:45:15 -0000
In-Reply-To: <20031215061530.20789.qmail () sf-www2-symnsj securityfocus com> This vulnerability also exists in the account_edit_process.php and pretty much anywhere else you can input data into the country field by altering the form. JeiAr
X-Mailer: MIME-tools 5.411 (Entity 5.404) From: JeiAr <security () gulftech org> To: bugtraq () securityfocus com Subject: RE: SQL Injection Vuln In osCommerce 2.2-MS1 Threw together a quick script that shop owners or admins can use to test whether or not they are vuln. Should be handy in cases where store owners are not sure what version they are running etc. http://www.gulftech.org/vuln/ossqlin.txt
Current thread:
- RE: SQL Injection Vuln In osCommerce 2.2-MS1 JeiAr (Dec 15)
- <Possible follow-ups>
- Re:Re: SQL Injection Vuln In osCommerce 2.2-MS1 JeiAr (Dec 16)