Re:Re: SQL Injection Vuln In osCommerce 2.2-MS1

From: JeiAr (security_at_gulftech.org)
Date: 12/16/03

  • Next message: Luigi Auriemma: "Server side scripts viewing in Goahead webserver <= 2.1.7"
    Date: 16 Dec 2003 22:45:15 -0000
    To: bugtraq@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is) In-Reply-To: <20031215061530.20789.qmail@sf-www2-symnsj.securityfocus.com>

    This vulnerability also exists in the account_edit_process.php and pretty much anywhere else you can input data into the country field by altering the form.

    JeiAr

    >X-Mailer: MIME-tools 5.411 (Entity 5.404)
    >From: JeiAr <security@gulftech.org>
    >To: bugtraq@securityfocus.com
    >Subject: RE: SQL Injection Vuln In osCommerce 2.2-MS1
    >
    >
    >
    >Threw together a quick script that shop owners or admins can use to test whether or not they are vuln. Should be handy in cases where store owners are not sure what version they are running etc.
    >
    >http://www.gulftech.org/vuln/ossqlin.txt
    >


  • Next message: Luigi Auriemma: "Server side scripts viewing in Goahead webserver <= 2.1.7"