vendor site:http://www.alanward.net/
product:A-Cart pro
bug:injection sql
risk:medium
injection sql (get) :
/category.asp?catcode='[sql]
/product.asp?productid='[sql]
injection sql (post) :
http://site.com/search.asp
Variables:
/search.asp?search='[sql]
( or just post your query in the search engine … )
laurent gaffie & benjamin mosse
http://s-a-p.ca/
contact: [email protected]