Bugtraq mailing list archives

Re: Full path disclosure and sql injection on CubeCart 2.0.1

From: <sculptex () sculptex co uk>
Date: 21 Oct 2004 22:59:10 -0000

In-Reply-To: <20041006144016.28823.qmail () www securityfocus com>

Solution

INSERT
  
if (!is_numeric($cat_id))
   unset($cat_id); 

BEFORE

include("header.inc.php");

IN

index.php

Current thread:

Full path disclosure and sql injection on CubeCart 2.0.1 Pedro Sanches (Oct 06)
- <Possible follow-ups>
- Re: Full path disclosure and sql injection on CubeCart 2.0.1 sculptex (Oct 22)