you seem surprised by the level of idiocy, are you new to this list?

On Mon, Sep 17, 2012 at 2:42 PM, Julius Kivimäki <julius.kivim...@gmail.com> wrote:
> Did you guys seriously just send five different advisories on five different
> vulnerable parameters on one vulnerable script?
>
> 2012/9/17 HTTPCS <cont...@httpcs.com>
>>
>> HTTPCS Advisory : HTTPCS100
>> Product : FreeWebshop
>> Version : 2.2.9
>> Date : 2012-09-17
>> Criticality level : Highly Critical
>> Description : A vulnerability has been discovered in FreeWebshop, which
>> can be exploited by malicious people to conduct SQL injection attacks. Input
>> passed via the 'Text' parameter to '/index.php?page=cart&action=add' is not
>> properly sanitised before being used in a SQL query. This can be exploited
>> to manipulate SQL queries by injecting arbitrary SQL code.
>> Page : /index.php?page=cart&action=add
>> Variables :
>> sub=Bestellen&prodprice=1234.56&numprod=1&prodid=1&Text=[VulnHTTPCS]
>> Type : SQLI
>> Method : POST
>> Solution :
>> References : https://www.httpcs.com/advisory/httpcs100
>> Credit : HTTPCS [Web Vulnerability Scanner]
>> _______________________________________________
>>
>> Twitter : http://twitter.com/HTTPCS_
>> Free web vulnerability scanner HTTPCS : https://www.httpcs.com/
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/