Bugtraq mailing list archives
Re: Full path disclosure and sql injection on CubeCart 2.0.1
From: <sculptex () sculptex co uk>
Date: 21 Oct 2004 22:59:10 -0000
In-Reply-To: <20041006144016.28823.qmail () www securityfocus com> Solution INSERT if (!is_numeric($cat_id)) unset($cat_id); BEFORE include("header.inc.php"); IN index.php
Current thread:
- Full path disclosure and sql injection on CubeCart 2.0.1 Pedro Sanches (Oct 06)
- <Possible follow-ups>
- Re: Full path disclosure and sql injection on CubeCart 2.0.1 sculptex (Oct 22)