[VIM] Who or what is Total Ecommerce?
Steven M. Christey
coley at mitre.org
Thu Mar 9 01:09:21 EST 2006
Researcher: nukedx
Ref:
BUGTRAQ:20060304 Advisory: TotalECommerce (index.asp id) Remote SQL
InjectionVulnerability.
http://www.securityfocus.com/archive/1/archive/1/426765/100/0/threaded
FRSIRT:ADV-2006-0840
SECUNIA:19103
A little Googling shows what appears to be a single web site:
http://www.superasp.com.br/totalecommerce/index.asp
which uses the "secao" parameter as referenced by nukedx, but the
"product site" claimed by nukedx - http://www.totalecommerce.com -
appears to be a commercial index for various e-commerce resources.
A Google search suggests that there are many product or service names
such as "Total Ecommerce".
But that secao parameter sounds like the key... and this smells like a
single web site.
Anybody?
- Steve
More information about the VIM
mailing list