|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
A-Cart SQL Injection And Cross-Site Scripting
From: Advisory
Aria-Security.Net, (AdvisoryAria-Security.Net)
Date: Thu Oct 18 2007 - 21:49:10 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
__________________________
A R I A - S E C U R I T Y
___________________________
A-Cart SQL Injection And Cross-Site Scripting
http://alanward.net
Cross Site Scripting:
http://localhost/path/error.asp?msg=XSS
SQL Injection:
http://localhost/path/product.asp?productid=' SQL COMMAND
Table Names are:
categories
customers
orderitems
orders
products
users (username,fullname,password,privileges)
Credits Goes To Aria-Security Team
http://Aria-Security.Net
The-0utl4w
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]