Vulnerability Type: Multiple SQL Injection and Cross-Site Scripting (XSS) vulnerabilities in Pay paw Storefront
Discovered By: "Diabolic Crab" (dcrab@hackerscenter.com)
Advisory Author: Dcrab's Security Advisory (http://icis.digitalparadox.org/~dcrab)
Severity: High
Vulnerability Title: Multiple SQL Injection and XSS Vulnerabilities in Pay paw Storefront. Valid Stash Scripts

Summary:
- There are multiple SQL Injection and XSS vulnerabilities in the Pay paw Storefront script.

PoC Exploit
- Datasource: SQL code injection
  You are having an error in your SQL Syntax. Please check the manual for the right syntax to move near 'SQI injection' at line I. ThisCookie contains some code too.
- Datasource: SQL syntax injection
  ISATION.%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&id2=10&subcat=Asus&p=products1
- SQL Syntax error.

SQL Interface Server Versions:
- MySQL: 4.x
- SQL Server: 2000.x
- Oracle: 10.x