[VIM] Re: Quick.Cart - sql injections? (fwd)

security curmudgeon jericho at attrition.org
Thu Jul 14 05:14:28 EDT 2005



---------- Forwarded message ----------
From: Lostmon <lostmon at gmail.com>
To: security curmudgeon <jericho at attrition.org>
Date: Thu, 14 Jul 2005 11:11:04 +0200
Subject: Re: [OSVDB Mods] Quick.Cart - sql injections? (fwd)

From: Lostmon <lostmon at gmail.com>
Reply-To: Lostmon <lostmon at gmail.com>
To: "OpenSolution.org" <info at opensolution.org>
Date: 14-jul-2005 11:09
Subject: Re: Quick.Cart - sql injections?

Hi:

Yes, this is true. In a few days I am going to update my advisory and send
the update to the security list. This is a simple variable injection,
not a SQL injection.

Thanks for your time!!

2005/7/7, OpenSolution.org <info at opensolution.org>:

> Welcome
>
> How do you create SQL queries?
> There is:
> NO SQL DATABASE = NO SQL QUERIES = NO SQL INJECTION
>
> Please don't LIE!!!
>
> http://lostmon.blogspot.com/2005/05/quickcart-sword-variable-xss-and.html
>
> "Quick.cart 'sWord' variable XSS" -> This is fixed in Quick.Cart v0.3.1
> version
>
> --
> email: info at opensolution.org
> www: http://opensolution.org
>
>
>



--
Sincerely:
Lostmon (lostmon at gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
Curiosity is what makes the mind move....



2005/7/7, security curmudgeon <jericho at attrition.org>:
>
>
> ---------- Forwarded message ----------
> From: OpenSolution.org <info at opensolution.org>
> To: moderators at osvdb.org
> Date: Thu, 07 Jul 2005 10:44:32 +0200
> Subject: [OSVDB Mods] Quick.Cart - sql injections?
>
> Welcome
>
> How do you create SQL queries? Quick.Cart has no SQL database, so no SQL
> queries.
> Please don't LIE!!!
>
> http://www.osvdb.org/16331
>
> This is fixed in Quick.Cart v0.3.1 version
> http://www.osvdb.org/16330
>
> --
> email: info at opensolution.org
> www: http://opensolution.org
>


-- 
Sincerely:
Lostmon (lostmon at gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
Curiosity is what makes the mind move....

