eClassifieds [injection sql]

From: saps.audit@xxxxxxxxx
Date: 19 Nov 2006 15:44:00 -0000

vendor site: http://enthrallweb.com/
product : eClassifieds
bug:injection sql
risk : medium

injection sql :
/ad.asp?AD_ID='[sql]
/ad.asp?cat_id='[sql]
/dircat.asp?cid='[sql]
/dirSub.asp?sid='[sql]
/ad.asp?cat_id=35&sub_id='[sql]
/ad.asp?cat_id=35&sub_id=102&ad_id='[sql]

laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@xxxxxxxxx

Prev by Date: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix
Next by Date: Rialto 1.6[admin login bypass & multiples injections sql]
Previous by thread: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix
Next by thread: Rialto 1.6[admin login bypass & multiples injections sql]
Index(es):
- Date
- Thread

Relevant Pages

Rapid Classified v3.1 [multiple xss (get) & injection sql]
... multiple xss & injection sql ... laurent gaffié & benjamin mossé ...
(Bugtraq)
A+ Store E-Commerce[ injection sql & xss (post) ]
... bug:injection sql & xss post ... injection sql: ... laurent gaffié & benjamin mossé ...
(Bugtraq)
ehomes [multiples injections sql]
... xss get: ... laurent gaffié & benjamin mossé ...
(Bugtraq)
Inventory Manager [injection sql & xss (get)]
... bug:injection sql & xss ... laurent gaffié & benjamin mossé ...
(Bugtraq)
The Classified Ad System [multiple xss & injection sql]
... multiple xss & injection sql ... risk: medium ...
(Bugtraq)