Enthrallweb eClassifieds dirSub.asp sid Variable SQL Injection

2006-11-19T08:34:55
ID OSVDB:30573
Type osvdb
Reporter OSVDB
Modified 2006-11-19T08:34:55

Description

Manual Testing Notes

/dirSub.asp?sid='[sql]

References:

Vendor URL: http://enthrallweb.com/ Secunia Advisory ID:23050 Related OSVDB ID: 30571 Related OSVDB ID: 30572 Other Advisory URL: http://s-a-p.ca/index.php?page=OurAdvisories&id=46 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0378.html ISS X-Force ID: 30423 FrSIRT Advisory: ADV-2006-4642 CVE-2006-6208 Bugtraq ID: 21192