Bonza Digital Cart Script 1 SQL Injection

CVE: CVE-2021-12345
Category: CWE-89
Price: $500
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2017-03-24
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017030212

Below is a copy:

################################################
#Title: Bonza Digital Cart Script v1 - SQL injection
#Credit: Bilal KARDADOU
#Vendor: http://www.turnkeycentral.com
#Vendor URL: http://www.turnkeycentral.com/scripts/bonza-digital-cart-script/
#Product: Bonza Digital Cart Script v1
#Google Dork: N/A
################################################
#
#  Product & Service Introduction:
#
#  "Bonza Digital Cart"
# Bonza Cart is the perfect solution for Paypal merchants offering downloadable (eGoods)
# and tangible goods for sale who need a full featured storefront & shopping cart,
# secure automated file delivery system & powerful administration backend all in one!
#
# http://localhost/bonzacart/viewitem.php?ItemID=6[SQL]
# http://localhost/bonzacart/showcatrows.php?CategoryID=4[SQL]
# http://localhost/bonzacart/cms_pages.php?pn=Disclaimer[SQL]
# http://localhost/bonzacart/showcatrows.php?CategoryID=2&SubcategoryID=3[SQL]
# http://localhost/bonzacart/searchresults.php?SearchTerm=admin[SQL]&ord1=ItemName&ord2=desc[SQL]&search1.x&search1.y&where=ItemDescription[SQL]
#
# http://localhost/bonzacart/checkout.php?cmd=login
# uname=admin[SQL]&upass=adin&submit.x=0&submit.y=0
#
# PoC:
#  http://prnt.sc/en5vqv
#     http://prnt.sc/en5vxx
#     http://prnt.sc/en5w7t
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/
################################################

-- 
*Bilal Kardadou*
IT Security Consultant
*E* : [email protected] | *E* : [email protected] |
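
Added example, not part of the advisory or the vendor's code: a Python check that flags requests to the scripts listed above when a parameter marked [SQL] carries a value outside its expected shape, usable as a log filter or as input validation in front of the application. The value rules and allowlists are assumptions inferred from the sample values in the advisory, and the sample requests are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Value shapes are assumptions inferred from the advisory's sample values
# (ItemID=6, ord1=ItemName, ord2=desc, where=ItemDescription, ...).
INT = re.compile(r"\d{1,10}")
WORD = re.compile(r"[A-Za-z0-9 _-]{1,64}")

# Script name -> parameters the advisory marks [SQL] -> allowed value pattern.
RULES = {
    "viewitem.php": {"ItemID": INT},
    "showcatrows.php": {"CategoryID": INT, "SubcategoryID": INT},
    "cms_pages.php": {"pn": WORD},
    "searchresults.php": {
        "SearchTerm": WORD,
        "ord1": re.compile(r"ItemName"),                   # assumed sort columns
        "ord2": re.compile(r"asc|desc"),                   # sort direction only
        "where": re.compile(r"ItemName|ItemDescription"),  # assumed search columns
    },
    "checkout.php": {"uname": WORD},
}


def check(target, body=""):
    """Return the sorted names of listed parameters whose value breaks its rule.

    target is the request path with query string; body is an optional
    form-encoded POST body (checkout.php sends uname in the body).
    """
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    rules = RULES.get(script, {})
    # parse_qsl percent-decodes, so encoded metacharacters are seen as-is.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    return sorted({k for k, v in pairs if k in rules and not rules[k].fullmatch(v)})


if __name__ == "__main__":
    # Constructed sample requests: (path + query, POST body).
    samples = [
        ("/bonzacart/viewitem.php?ItemID=6", ""),
        ("/bonzacart/viewitem.php?ItemID=6%27", ""),
        ("/bonzacart/showcatrows.php?CategoryID=2&SubcategoryID=3%20x", ""),
        ("/bonzacart/checkout.php?cmd=login", "uname=admin%27&upass=x"),
    ]
    for target, body in samples:
        print(target, "->", check(target, body) or "ok")
```
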


Copyright ©2024 Exploitalert.
