creadirectory [injection sql & xss]

vendor site: http://www.creascripts.com/ product:creadirectory bug: injection sql & xss risk : medium injection sql: /search.asp?search=1&submit=Search&category='sql xss: /addlisting.asp?cat=xss /search.asp?search=xss laurent gaffi & benjamin moss http://s-a-p.ca/ contact: [email protected]...

The Classified Ad System [multiple xss & injection sql]

vendor site: http://www.rockfordarea.com/ product : The Classified Ad System bug: multiple xss get & injection sql risk : medium injection sql get: /default.asp?action=view&main='sql injection sql post : just post your query into the search engine xss : /default.asp?action=view1&cat=xss...