Did you guys seriously just send five different advisories on five different vulnerable parameters on one vulnerable script?
2012/9/17 HTTPCS <cont...@httpcs.com>

> HTTPCS Advisory : HTTPCS100
> Product : FreeWebshop
> Version : 2.2.9
> Date : 2012-09-17
> Criticality level : Highly Critical
> Description : A vulnerability has been discovered in FreeWebshop, which
> can be exploited by malicious people to conduct SQL injection attacks.
> Input passed via the 'Text' parameter to '/index.php?page=cart&action=add'
> is not properly sanitised before being used in a SQL query. This can be
> exploited to manipulate SQL queries by injecting arbitrary SQL code.
> Page : /index.php?page=cart&action=add
> Variables :
> sub=Bestellen&prodprice=1234.56&numprod=1&prodid=1&Text=[VulnHTTPCS]
> Type : SQLI
> Method : POST
> Solution :
> References : https://www.httpcs.com/advisory/httpcs100
> Credit : HTTPCS [Web Vulnerability Scanner]
> _______________________________________________
>
> Twitter : http://twitter.com/HTTPCS_
> Free web vulnerability scanner HTTPCS : https://www.httpcs.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/