by r0t, der4444, cembo, VietMafia

Thursday, December 15, 2005

PlexCart X3 SQL inj. vuln.

Vuln. discovered by: r0t
Date: 15 Dec. 2005
Affected version: 3.0 and prior

Product Description:
Your complete eCommerce and shopping cart solution for online web stores of all sizes. PLEXCART X3 makes the management of your online store easier – so you have more time to devote to building your business – instead of spending all of your time running it!

Vuln. Description:

PlexCart X3 contains a flaw that allows remote SQL injection attacks. Input passed to all parameters in the product search module isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Edit the source code to ensure that input is properly sanitised.
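
An added example, not taken from the advisory or from PlexCart's code: one way a product search handler can keep every parameter out of the SQL text, with bound parameters for values and an allow-list for the sort column. The schema, function names and parameter names are assumptions, and Python with sqlite3 stands in for the product's actual stack.

```python
import sqlite3

# Hypothetical schema and parameter names; the advisory does not give PlexCart's own.
SORTABLE = {"name": "name", "price": "price"}      # allow-list for ORDER BY column
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}        # allow-list for sort direction


def make_db():
    """Build a constructed in-memory catalogue for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, category TEXT, price REAL)")
    db.executemany(
        "INSERT INTO products (name, category, price) VALUES (?, ?, ?)",
        [("Red Mug", "kitchen", 7.5), ("Blue Mug", "kitchen", 6.0),
         ("100% Cotton Shirt", "clothing", 19.0), ("Desk Lamp", "office", 24.0)],
    )
    return db


def escape_like(term):
    """Neutralise LIKE wildcards so user text only matches literally."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_products(db, keyword="", category=None, sort="name", direction="asc"):
    """Search with every user-supplied value kept out of the SQL text."""
    # Identifiers cannot be bound as parameters, so map them through allow-lists.
    if sort not in SORTABLE or direction not in DIRECTIONS:
        raise ValueError("unsupported sort option")
    sql = "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\'"
    params = ["%" + escape_like(keyword) + "%"]
    if category is not None:
        sql += " AND category = ?"
        params.append(category)
    # Only allow-listed constants are interpolated here, never raw input.
    sql += f" ORDER BY {SORTABLE[sort]} {DIRECTIONS[direction]}"
    return [row[0] for row in db.execute(sql, params)]


if __name__ == "__main__":
    db = make_db()
    print(search_products(db, "mug", "kitchen", "price", "desc"))
    print(search_products(db, "x' OR '1'='1"))   # handled as a literal search term
```

Bound parameters cover the values, but the sort column and direction are SQL identifiers and keywords, which is why they go through the allow-lists instead.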


Anonymous Anonymous told...

why can you never leave a real example of an sql injection? cut and paste xss is eazy, takes no skillz. sql injection you can only put a ` and say it's injection from error. lame

8:25 AM

Anonymous r0t told...

lame is that you kiddies always need real examples.
copy/paste XSS, I do it with XSS cause it is not always the same method as by SQL inj.
To learn is also easy, so if you will learn something you will not need "real" examples.

5:29 PM

Anonymous anti-anonymous said... told...

I need someone to hold my hand and explain to me how this works... Please show me EXACTLY what to do so i can Haxzorz their computerz. I want to be 133t. Please??!?!

5:43 PM

Blogger r0t told...

is it fame from you?
nobody will teach you how to, cauz you will find all how-tos on the net.
try to start with

9:58 PM


Copyright (c) 2006 Pridels Sec Crew