20/20 Real Estate listings.asp Multiple Variable SQL Injection

2006-11-17T07:02:30
ID OSVDB:32787
Type osvdb
Reporter OSVDB
Modified 2006-11-17T07:02:30

Description

Manual Testing Notes

/listings.asp?itemID='[sql] /listings.asp?peopleID='[sql] /listings.asp?strPageSize=1&strCurrentPage=1&peopleID='[sql]

References:

Vendor URL: http://www.2020applications.com/ Related OSVDB ID: 32786 Related OSVDB ID: 32785 Other Advisory URL: http://s-a-p.ca/index.php?page=OurAdvisories&id=40 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0330.html ISS X-Force ID: 30402 CVE-2006-6067 Bugtraq ID: 21156