QUOTE
Severity: High
Title: Multiple SQL Injections in MetaCart2 for PayPal
Date: 27/04/2005
Vendor: MetaCart
Vendor Website: www.metalinks.com
Proof of Concept Exploits:
http://example.com/mcart2pal/productsByCat..._NAME=Computers
SQL INJECTIONS
http://example.com/mcart2pal/productsByCat...og_NAME=Laptops
SQL INJECTIONS
http://example.com/mcart2pal/productsByCat...og_NAME=Laptops
SQL INJECTIONS
http://example.com/mcart2pal/productsByCat...9;SQL_INJECTION
SQL INJECTIONS
http://example.com/mcart2pal/product.asp?i...9;SQL_INJECTION
SQL INJECTIONS
http://example.com/mcart2pal/productsByCat...9;SQL_INJECTION
SQL INJECTIONS
Author:
These vulnerabilties have been found and released by Diabolic Crab
Source: http://seclists.org/lists/bugtraq/2005/Apr/0427.html
