Re:Re: SQL Injection Vuln In osCommerce 2.2-MS1
From: JeiAr (security_at_gulftech.org)
Date: 16 Dec 2003 22:45:15 -0000 To: email@example.com('binary' encoding is not supported, stored as-is) In-Reply-To: <firstname.lastname@example.org>
This vulnerability also exists in the account_edit_process.php and pretty much anywhere else you can input data into the country field by altering the form.
>X-Mailer: MIME-tools 5.411 (Entity 5.404)
>From: JeiAr <email@example.com>
>Subject: RE: SQL Injection Vuln In osCommerce 2.2-MS1
>Threw together a quick script that shop owners or admins can use to test whether or not they are vuln. Should be handy in cases where store owners are not sure what version they are running etc.