header-logo
Suggest Exploit
vendor:
eShop
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: eShop
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004

CyberStrong eShop SQL Injection Vulnerability

CyberStrong eShop is prone to an SQL injection vulnerability. As a result, the attacker may modify the structure and logic of an SQL query that is made by the application. The attacker may accomplish this by passing malicious SQL syntax to the vulnerable '10browse.asp' script. It is reported that the attacker may steal eShop authentication information. Other attacks may be possible depending on the capabilities of the underlying database and the nature of the affected query.

Mitigation:

Input validation should be used to prevent malicious SQL syntax from being passed to the vulnerable script.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14112/info

CyberStrong eShop is prone to an SQL injection vulnerability. As a result, the attacker may modify the structure and logic of an SQL query that is made by the application. The attacker may accomplish this by passing malicious SQL syntax to the vulnerable '10browse.asp' script.

It is reported that the attacker may steal eShop authentication information. Other attacks may be possible depending on the capabilities of the underlying database and the nature of the affected query. 

http://www.example.com/eshop/10browse.asp?ProductCode='

Navigation

Suggest Exploit

Services By CQR