by r0t,der4444,cembo,VietMafia

Monday, December 05, 2005

Widget Imprint SQL inj. vuln.

Vuln. discovered by: r0t
Date: 5 Dec. 2005
Affected version: 1.0.26 and prior

Product Description:
Database-driven web software designed for the heat-transfer imprint and impact print shop to sell promotional items online (similar to, but you can add any imprintable product you like). Have your customers create their own products, such as T-shirts, mugs, mousepads, boxers, aprons, coasters and so on, with real-time preview. Complete print web service package: product management, add product samples, order tracking, add company logo, CMS, real-time customer photo upload, shopping cart, online commerce, and multi-language support.

Vuln. description:
Input passed to the "product_id" parameter in "create.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.
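The fix, shown as an added example and not Widget Imprint's own code: a hypothetical lookup of a product by the "product_id" request parameter, first in the unsafe string-concatenation form the advisory describes, then hardened with type validation and a bound parameter (the products table, its id and name columns, and the helper names are assumptions).

```php
<?php
// Added example, not Widget Imprint's create.php. Table and column names
// (products, id, name) and the function names are assumptions.

// Vulnerable pattern: the raw request parameter is concatenated into the SQL
// text, so whatever the client sends is parsed by the database as SQL.
function lookupProductUnsafe(PDO $db, string $productId): ?array
{
    $sql = "SELECT id, name FROM products WHERE id = " . $productId;
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened pattern: reject anything that is not a positive integer, then bind
// the value as a typed parameter so the driver never treats it as SQL text.
function lookupProductSafe(PDO $db, $productId): ?array
{
    $id = filter_var($productId, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);   // bad request: product_id is not an integer id
        return null;
    }
    $stmt = $db->prepare('SELECT id, name FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demonstration against an in-memory SQLite database with constructed sample rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO products (id, name) VALUES (1, 'T-shirt'), (2, 'Mug')");

// Only the hardened lookup is wired to request input; the unsafe function is
// kept above purely for side-by-side comparison during review.
$input = $_GET['product_id'] ?? '2';
var_dump(lookupProductSafe($db, $input));   // array with id 2, name "Mug"
var_dump(lookupProductSafe($db, '2; abc')); // NULL: rejected by validation
```

Validation and parameter binding are independent layers: the integer check alone would not protect a string-typed parameter, and binding alone still lets malformed ids reach the database, so keep both.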



Copyright (c) 2006 Pridels Sec Crew