eClassifieds [injection sql]

2006-11-22T00:00:00
ID SECURITYVULNS:DOC:15171
Type securityvulns
Reporter Securityvulns
Modified 2006-11-22T00:00:00

Description

vendor site: http://enthrallweb.com/ product : eClassifieds bug:injection sql risk : medium

injection sql : /ad.asp?AD_ID='[sql] /ad.asp?cat_id='[sql] /dircat.asp?cid='[sql] /dirSub.asp?sid='[sql] /ad.asp?cat_id=35&sub_id='[sql] /ad.asp?cat_id=35&sub_id=102&ad_id='[sql]

laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@gmail.com