Enthrallweb eHomes homeDetail.asp AD_ID Variable SQL Injection

2006-11-19T09:06:18
ID OSVDB:30578
Type osvdb
Reporter OSVDB
Modified 2006-11-19T09:06:18

Description

Manual Testing Notes

/homeDetail.asp?AD_ID='[sql]

References:

Vendor URL: http://enthrallweb.us/ Secunia Advisory ID:23016 Related OSVDB ID: 30575 Related OSVDB ID: 30581 Related OSVDB ID: 30576 Related OSVDB ID: 30577 Related OSVDB ID: 30579 Related OSVDB ID: 30580 Other Advisory URL: http://s-a-p.ca/index.php?page=OurAdvisories&id=50 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0375.html ISS X-Force ID: 30419 FrSIRT Advisory: ADV-2006-4643 CVE-2006-6204 Bugtraq ID: 21193