CVE-2003-0557

StoreFront < 6.0 - SQL Injection via Login Password Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0557. PoCs published by G00db0y.

AI-analyzed exploit summary The exploit demonstrates an SQL injection vulnerability in StoreFront Shopping Cart 5.0 via the 'login.asp' script. By injecting a malformed password, an attacker can bypass authentication or manipulate database queries.

Description

SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field.

Exploits (1)

exploitdb WORKING POC VERIFIED

by G00db0y · textwebappsasp

https://www.exploit-db.com/exploits/25847

View Code ZIP pw:eip

The exploit demonstrates an SQL injection vulnerability in StoreFront Shopping Cart 5.0 via the 'login.asp' script. By injecting a malformed password, an attacker can bypass authentication or manipulate database queries.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: StoreFront Shopping Cart 5.0

No auth needed

Prerequisites: Access to the login page of the vulnerable application

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=105804683203384&w=2

Scores

EPSS 0.0104

EPSS Percentile 59.5%

Details

Status published

Products (1)

lagarde/storefront < 6.0

Published Aug 18, 2003

Tracked Since Feb 18, 2026