by r0t,der4444,cembo,VietMafia

Friday, November 25, 2005

EZ Invoice Inc™ v 2.0 SQL inj.

Vuln. discovered by: r0t
Date: 25 Nov. 2005
Affected version: v2.0 and prior

Product description:
This software is the easiest way to create and manage invoices online with just the click of a mouse, from anywhere in the world. All you need is a website with an internet connection. EZI was created for the small business person: mom and pop shops, sole proprietors, small graphic studios, online start-ups, solopreneurs, virtual assistants and more. EZI features a client lounge where your clients can log in to view, print and even pay their invoices online by credit card (PayPal integration). Created by a graphic designer, the software looks simple and is therefore easy to use and learn.

Vuln. Description:
Input passed to the "i" parameter of "invoices.php" is not properly sanitised before being used in an SQL query. An attacker who controls that parameter can change the structure of the query by injecting arbitrary SQL, rather than just the value being looked up. No exploit details were published with the advisory; see the vendor note below for the patch.
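The following Python/sqlite3 script is an added example, not part of the original advisory and not EZ Invoice's code. It models the flaw class described above: a request parameter named i pasted into the SQL text, shown beside the parameterised query that closes the hole. The invoices table, its columns, the client_id scoping and the sample rows are all constructed for illustration; the real query in invoices.php is not on this page.

```python
import sqlite3

# Constructed sample data for the demo (not from EZ Invoice):
# id, client_id, client name, amount.
SAMPLE_ROWS = [
    (1, 101, "ACME", 250.00),
    (2, 101, "ACME", 80.00),
    (3, 202, "Bob's Shop", 1200.00),
]


def make_db():
    """Build an in-memory sqlite database with a hypothetical invoices table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices "
        "(id INTEGER PRIMARY KEY, client_id INTEGER, client TEXT, amount REAL)"
    )
    conn.executemany("INSERT INTO invoices VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def fetch_invoice_vulnerable(conn, i, client_id):
    """Models the reported flaw: the 'i' request parameter is concatenated
    into the query text, so it can rewrite the WHERE clause.

    The client_id filter is an assumed access check: the logged-in client
    should only ever see their own invoices."""
    sql = (
        "SELECT id, client, amount FROM invoices "
        f"WHERE id = {i} AND client_id = {client_id}"
    )
    return conn.execute(sql).fetchall()


def fetch_invoice_safe(conn, i, client_id):
    """Hardened form: validate the type, then bind the value as a parameter.
    A bound parameter is always data; it can never become SQL syntax."""
    try:
        invoice_id = int(i)
    except (TypeError, ValueError):
        # Non-numeric input is rejected outright instead of reaching the DB.
        return []
    return conn.execute(
        "SELECT id, client, amount FROM invoices WHERE id = ? AND client_id = ?",
        (invoice_id, client_id),
    ).fetchall()


def demo():
    """Return (rows for a normal request, rows for an injected request) for
    the vulnerable and the safe lookup, so the difference is visible."""
    conn = make_db()
    normal = "1"
    # An injected value: closes the id comparison, adds an always-true
    # condition, and comments out the client_id check that follows.
    injected = "1 OR 1=1 --"
    return {
        "vulnerable_normal": fetch_invoice_vulnerable(conn, normal, 101),
        "vulnerable_injected": fetch_invoice_vulnerable(conn, injected, 101),
        "safe_normal": fetch_invoice_safe(conn, normal, 101),
        "safe_injected": fetch_invoice_safe(conn, injected, 101),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the injected value, the vulnerable lookup returns every invoice in the table, including the other client's, because the trailing comment marker removes the client_id check; the parameterised version returns nothing for the same input. The int() check is belt-and-braces: even without it, binding the string as a parameter would compare it against the integer column and simply match no rows.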



EZ Invoice, Inc™ has a patch available. Please email and EZI will email you the patch to fix this small issue.


Anonymous Anonymous told...


2:52 AM

Anonymous Admin told...

If you need a patch EZI has one available to customers who purchased version 1 and 2. Just email them at

All new versions have been fixed and updated...

2:58 AM

Anonymous Bob told...

Great fix, thanks!
Love the software... Soo easy... ;-)

9:05 AM

Anonymous Anonymous told...

RoT, thanks for finding that small error in the program. I emailed the and they sent me the patch instantly. Though it wasn't a big threat I appreciate you finding it...
James C -

6:45 PM

Blogger Credit Center told...

Hi thanks for your blog, I liked it! I also have a blog/site about credit cards for bad credit that covers credit cards for bad credit related stuff. Please feel free to visit.

7:03 PM

Anonymous cash flow told...

Hi Blogger, I was just blog surfing and found you! Wow, I really like this one. It's such a pleasure to read your post... Interesting! I was over at another site looking at factor and they didn't go into as much detail as you, but nonetheless interesting.

2:17 AM



Copyright (c) 2006 Pridels Sec Crew