Bugtraq mailing list archives
A-Cart SQL Injection And Cross-Site Scripting
From: Advisory () Aria-Security Net, "[ NO REPLY ]"@securityfocus.com
Date: 19 Oct 2007 02:49:10 -0000
__________________________ A R I A - S E C U R I T Y ___________________________ A-Cart SQL Injection And Cross-Site Scripting http://alanward.net Cross Site Scripting: http://localhost/path/error.asp?msg=XSS SQL Injection: http://localhost/path/product.asp?productid=' SQL COMMAND Table Names are: categories customers orderitems orders products users (username,fullname,password,privileges) Credits Goes To Aria-Security Team http://Aria-Security.Net The-0utl4w
Current thread:
- A-Cart SQL Injection And Cross-Site Scripting [ NO REPLY ] (Oct 19)
- <Possible follow-ups>
- Re: A-Cart SQL Injection And Cross-Site Scripting laurent . gaffie (Oct 25)