Exploit Database - Logo

CyberStrong eShop 4.2 - '10expand.asp' SQL Injection

EDB-ID: 25923 Author: aresu@bosen.net Published: 2005-06-30
CVE: CVE-2003-0509 Type: Webapps Platform: ASP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/14103/info

CyberStrong eShop is prone to an SQL injection vulnerability. As a result, the attacker may modify the structure and logic of an SQL query that is made by the application. The attacker may accomplish this by passing malicious SQL syntax to the vulnerable '10expand.asp' script.

It is reported that the attacker may steal eShop authentication information. Other attacks may be possible depending on the capabilities of the underlying database and the nature of the affected query.

http://www.example.com/eshop/10expand.asp?ProductCode='
« Previous Exploit Next Exploit »

Related Exploits

Trying to match CVEs (1): CVE-2003-0509
Trying to match OSVDBs (1): 10098
Other Possible E-DB Search Terms: CyberStrong eShop 4.2,  CyberStrong eShop
Date D V Title Author
2005-06-30 Verified CyberStrong EShop 4.2 - '10browse.asp' SQL Injectionaresu@bosen...
2005-06-30 Verified CyberStrong EShop 4.2 - '20review.asp' SQL Injectionaresu@bosen...
Menu