SiteXpress E-Commerce System dept.asp id Variable SQL Injection

2006-11-13T09:04:20
ID OSVDB:30425
Type osvdb
Reporter OSVDB
Modified 2006-11-13T09:04:20

Description

Manual Testing Notes

http://[target]/[path]/dept.asp?id=[SQL]

References:

Secunia Advisory ID:22899 Other Advisory URL: http://aria-security.net/advisory/SiteXpress.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0224.html ISS X-Force ID: 30265 FrSIRT Advisory: ADV-2006-4527 CVE-2006-5936 Bugtraq ID: 21059