creadirector.txt

2006-11-27T00:00:00
ID PACKETSTORM:52493
Type packetstorm
Reporter benjamin moss
Modified 2006-11-27T00:00:00

Description

                                        
                                            `vendor site: http://www.creascripts.com/  
product:creadirectory  
bug: injection sql & xss  
risk : medium   
  
  
injection sql:  
/search.asp?search=1&submit=Search&category='[sql]  
  
  
xss:  
/addlisting.asp?cat=[xss]  
/search.asp?search=[xss]  
  
  
laurent gaffié & benjamin mossé  
http://s-a-p.ca/  
contact: saps.audit@gmail.com  
`