Lucene search

K

ehomes.txt

🗓️ 21 Nov 2006 00:00:00Reported by benjamin mossType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 12 Views

Security risk in ehomes product with SQL injection and XSS vulnerabilitie

Show more
Code
`vendor site: http://enthrallweb.us/  
product : ehomes   
bug:injection sql  
risk : medium  
  
injection sql :  
/dircat.asp?cid='[sql]  
/dirSub.asp?sid='[sql]  
/types.asp?TYPE_ID='[sql]  
/homeDetail.asp?AD_ID='[sql]  
/result.asp?city=1&cat='[sql]  
/compareHomes.asp?compare='[sql]  
/compareHomes.asp?compare=Compare&clear='[sql]  
/compareHomes.asp?compare=Compare&clear=Clear&adID='[sql]  
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice='[sql]  
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice=0&amaxprice='[sql]  
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice=0&amaxprice=10000000&abedrooms='[sql]  
  
  
xss get :  
/result.asp?city=[xss]  
/result.asp?city=1&cat=2&imageField2=1&State=[xss]  
  
  
laurent gaffié & benjamin mossé  
http://s-a-p.ca/  
contact: [email protected]  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
21 Nov 2006 00:00Current
7.4High risk
Vulners AI Score7.4
12
.json
Report