Ecommercemax Solutions Digital good seller Sql Injection Vulnerablity

vendor:

Ecommercemax Solutions Digital good seller

by:

R4dc0re

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: Ecommercemax Solutions Digital good seller

Affected Version From: 1.5

Affected Version To: 1.5

Patch Exists: NO

Related CWE: N/A

CPE: a:ecommercemax:ecommercemax_solutions_digital_good_seller

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: ASP 2.0 & VBScript

2010

Ecommercemax Solutions Digital good seller Sql Injection Vulnerablity

DGS auto-fulfills the orders by sending a download code, password and download link to your customers instantly. They get the goods, you get the cash! All these happening w/out you lifting a finger. Sell e-books, e-zines, Flash, digital arts, ringtones... Code: ASP 2.0 & VBScript

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Author: R4dc0re
# Exploit Title:Ecommercemax Solutions Digital good seller Sql Injection Vulnerablity 
# Date: 05-12-2010
# Vendor or Software Link:http://www.ecommercemax.com/
# Category:WebApp
# Version:1.5
# Price:60$
# Contact: R4dc0re@yahoo.fr
# Website: www.1337db.com
# Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members

  Submit Your Exploit at Submit@1337db.com

########################################################################################
[Product Detail]

DGS auto-fulfills the orders by sending a download code, password and 
download link to your customers instantly. 
They get the goods, you get the cash! All these happening w/out you lifting a finger. 
Sell e-books, e-zines, Flash, digital arts, ringtones... Code: ASP 2.0 & VBScript

[Vulnerability]

SQL Injection:

http://server/shoppingcart.asp?d=[Code]
########################################################################################