source: http://www.securityfocus.com/bid/14101/info CyberStrong eShop is prone to an SQL-injection vulnerability. As a result, the attacker may modify the structure and logic of an SQL query that is made by the application. The attacker may accomplish this by passing malicious SQL syntax to the vulnerable '20review.asp' script. Reportedly, the attacker may steal eShop authentication information. Other attacks may be possible, depending on the capabilities of the underlying database and the nature of the affected query. http://www.example.com/eshop/20Review.asp?ProductCode='
Related ExploitsTrying to match CVEs (1): CVE-2003-0509
Trying to match OSVDBs (1): 10100
Other Possible E-DB Search Terms: CyberStrong EShop 4.2, CyberStrong EShop
|2005-06-30||CyberStrong EShop 4.2 - '10browse.asp' SQL Injection||aresu@bosen...|
|2005-06-30||CyberStrong eShop 4.2 - '10expand.asp' SQL Injection||aresu@bosen...|