Date: 19 Oct 2007 02:49:10 -0000
From: [email protected], "[ NO REPLY ]"@securityfocus.com
To: [email protected]Subject: A-Cart SQL Injection And Cross-Site Scripting
X-Virus-Scanned: antivirus-gw at tyumen.ru
__________________________
A R I A - S E C U R I T Y
___________________________
A-Cart SQL Injection And Cross-Site Scripting
http://alanward.net
Cross Site Scripting:
http://localhost/path/error.asp?msg=XSS
SQL Injection:
http://localhost/path/product.asp?productid=' SQL COMMAND
Table Names are:
categories
customers
orderitems
orders
products
users (username,fullname,password,privileges)
Credits Goes To Aria-Security Team
http://Aria-Security.Net
The-0utl4w
