20/20 real estate [ multiples injection sql ]

2006-11-18T00:00:00
ID SECURITYVULNS:DOC:15133
Type securityvulns
Reporter Securityvulns
Modified 2006-11-18T00:00:00

Description

vendor site:http://www.2020applications.com/ product:20/20 real estate bug:injection sql risk:high

injection sql get : /listings.asp?itemID='[sql] /listings.asp?peopleID='[sql] /f-google_earth.asp?itemID='[sql] /f-email.asp?strPeopleID=1&itemID='[sql] /listings.asp?strPageSize=1&strCurrentPage=1&peopleID='[sql]

laurent gaffie & benjamin mosse http://s-a-p.ca/ contact: saps.audit@gmail.com