2daybiz custom T-shirt SQL Injection and Cross Site Scripting Vulnerabilities

vendor:

Custom T-shirt Designscript

by:

Sangteamtham

8,8

CVSS

HIGH

SQL Injection and Cross Site Scripting

89, 79

CWE

Product Name: Custom T-shirt Designscript

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: 2daybiz:custom_t-shirt_designscript

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

2daybiz custom T-shirt SQL Injection and Cross Site Scripting Vulnerabilities

The vulnerability exists in the products_details.php, products.php and designview.php scripts, where an attacker can inject malicious SQL queries into the vulnerable parameters sbid, pid and designid respectively.

Mitigation:

Input validation and sanitization should be implemented to prevent malicious SQL queries from being injected into the vulnerable parameters.

Source

Exploit-DB raw data:

$-------------------------------------------------------------------------------------------------------------------
$ 2daybiz custom T-shirt SQL Injection and Cross Site Scripting
Vulnerabilities
$ Author : Sangteamtham
$ Home : Hcegroup.net
$ Download :http://www.2daybiz.com/customt-shirt_designscript.html
$ Date :06/25/2010
$
$******************************************************************************************
$Exploit:
$
$ 1.SQL injection:
$
$ http://server/products_details.php?sbid=[id number]
$ http://server/products/products.php?pid=[id number]
$ http://server/designview.php?designid=[id number]
$
$
$
$
$******************************************************************************************
$ Greetz to: All Vietnamese hackers and Hackers out there researching for
more security
$
$
$--------------------------------------------------------------------------------------------------------------------