Just Another Hacker
Author's avatar

Huski retail mulitple SQL injection vulnerabilities

Huski Retail Ascet Interactive offers you a very simple and cost effective method of selling goods and services online. Ascet Interactive provides you with a catalogue targeted at your customers, whether they are retail customers or your dealer network. Imagine being able to save on printing, faxing and administration costs by making your whole product range available at anytime via the Web. [ Taken from: http://www.ascetinteractive.com/?id=huskiretail ]

Vulnerability description

The categoryID and productID parameters used in several pages are not sufficiently sanitised, leading to SQL injection.

  • Discovered by: Eldar “Wireghoul” Marcussen
  • Vendor: ASCET Interactive - http://www.ascetinteractive.com
  • Affected versions: Unknown

Exploit URI






Contact the vendor for a fix

Disclosure time line

  • 05-Feb-2010 - Public disclosure
  • 29-Jan-2010 - Vendor acknowledge vulnerability
  • 28-Jan-2010 - Vendor notified through email


Static source code analysis tool for finding vulnerabilities in source code.


Self contained attacks against per directory configuration in web servers.

PHP omelette

Code obfuscation tool for bypassing web application firewalls.


All of the project information on one page!