API tools faq
paste
Advertisement
Scorz-Root

CyberStrong EShop 4.2 - '20review.asp' SQL Injection

Scorz-Root
Dec 15th, 2017
1,485
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
SQL 0.58 KB | None | 0 0
raw download clone embed print report
  1. SOURCE: http://www.securityfocus.com/bid/14101/info
  2.  
  3. CyberStrong eShop IS prone TO an SQL-injection vulnerability. AS a RESULT, the attacker may MODIFY the STRUCTURE AND logic OF an SQL query that IS made BY the application. The attacker may accomplish this BY passing malicious SQL syntax TO the vulnerable '20review.asp' script.
  4.  
  5. Reportedly, the attacker may steal eShop authentication information. Other attacks may be possible, depending ON the capabilities OF the underlying DATABASE AND the nature OF the affected query.
  6.  
  7. http://www.example.com/eshop/20Review.asp?ProductCode='
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!