https://www.exploit-db.com/exploits/25279
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-247

ESMIPayPalStorefront存在多个SQL注入漏洞。远程攻击者可以通过(1)pages.php的idpages参数或(2)products1.php的id2参数，执行任意SQL命令。

source: http://www.securityfocus.com/bid/12903/info
 
ESMI PayPal Storefront is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in as SQL query.
 
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. 

http://www.example.com/hv/ecdis/products1.php?id=6&id2='SQLINJECTION&subcat=Asus&p=products1

来源:BID
名称:12903
链接:http://www.securityfocus.com/bid/12903
来源:MISC
链接:http://www.hackerscenter.com/Archive/view.asp?id=1774
来源:SECTRACK
名称:1013563
链接:http://securitytracker.com/id?1013563
来源:SECUNIA
名称:14711
链接:http://secunia.com/advisories/14711
来源:BUGTRAQ
名称:20050330Multiplesqlinjection,andxssvulnerabilitiesinPaypalStorefront
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111221890614271&w;=2
来源:OSVDB
名称:15058
链接:http://www.osvdb.org/15058
来源:OSVDB
名称:15057
链接:http://www.osvdb.org/15057