candypress.txt

2006-11-17T00:00:00
ID PACKETSTORM:52245
Type packetstorm
Reporter benjamin moss
Modified 2006-11-17T00:00:00

Description

`vendor site: http://www.candypress.com/  
product: CandyPress Store  
bug: SQL injection  
risk: medium  
  
  
  
SQL injection (GET):  
  
http://site.com/sa3.5.2.14/scripts/openPolicy.asp?policy='[sql]  
http://site.com/sa3.5.2.14/scripts/prodList.asp?brand='[sql]  
  
  
laurent gaffié & benjamin mossé  
http://s-a-p.ca/  
contact: saps.audit@gmail.com  
`
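
Added example, not part of the original advisory: a log-review helper that flags requests to the two scripts named above when the `policy` or `brand` parameter carries quote or comment characters. The function names, the token list and the sample request lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Script name -> query parameter named in the advisory (lower-cased for matching).
WATCHED = {"openpolicy.asp": "policy", "prodlist.asp": "brand"}
# Tokens treated as out of place in a simple lookup value (assumption, tune per site).
SUSPICIOUS = ("'", '"', ";", "--", "/*")

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2527 -> %27 -> ') is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_request(url):
    """Return (script, param, decoded_value) if the request needs review, else None."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()  # IIS paths are case-insensitive
    param = WATCHED.get(script)
    if param is None:
        return None
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != param:  # ASP's Request.QueryString ignores case
            continue
        value = fully_decode(raw)
        if any(token in value for token in SUSPICIOUS):
            return (script, param, value)
    return None

def review(urls):
    """Return the flagged subset of an iterable of request URLs."""
    return [hit for hit in map(flag_request, urls) if hit is not None]

# Constructed sample request lines (not taken from any real log).
SAMPLE = [
    "/sa3.5.2.14/scripts/openPolicy.asp?policy=3",
    "/sa3.5.2.14/scripts/openPolicy.asp?policy=%27",
    "/sa3.5.2.14/scripts/PRODLIST.ASP?Brand=%2527",
    "/sa3.5.2.14/scripts/prodList.asp?brand=7&page=2",
    "/sa3.5.2.14/scripts/other.asp?brand=%27",
]

if __name__ == "__main__":
    for hit in review(SAMPLE):
        print(hit)
```

A hit is a prompt to review the request and the application's error logs, not proof of exploitation.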