Bugtraq mailing list archives

A-Cart SQL Injection And Cross-Site Scripting

From: Advisory () Aria-Security Net, "[ NO REPLY ]"@securityfocus.com
Date: 19 Oct 2007 02:49:10 -0000

__________________________

A R I A - S E C U R I T Y 
___________________________
A-Cart SQL Injection And Cross-Site Scripting 
http://alanward.net

Cross Site Scripting:
http://localhost/path/error.asp?msg=XSS

SQL Injection:
http://localhost/path/product.asp?productid=&apos; SQL COMMAND

Table Names are:
categories
customers
orderitems
orders
products
users (username,fullname,password,privileges)

Credits Goes To Aria-Security Team 
http://Aria-Security.Net
The-0utl4w

Current thread:

A-Cart SQL Injection And Cross-Site Scripting [ NO REPLY ] (Oct 19)
- <Possible follow-ups>
- Re: A-Cart SQL Injection And Cross-Site Scripting laurent . gaffie (Oct 25)