Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

  phpPC 1.04 Multiples Remote File Inclusion

  Pearl Forums 2.4 Multiple Remote File Include Vulnerabilities

  PhotoCart 3.9 (adminprint.
php) Remote File Include Vulnerability

  Vulnerability in PostNuke

From:laurent gaffié <saps.audit_(at)_gmail.com>
Date:22 ноября 2006 г.
Subject:ehomes [multiples injections sql]

vendor site: http://enthrallweb.us/
product : ehomes  
bug:injection sql
risk : medium

injection sql :
/dircat.asp?cid='[sql]
/dirSub.asp?sid='[sql]
/types.asp?TYPE_ID='[sql]
/homeDetail.asp?AD_ID='[sql]
/result.asp?city=1&cat='[sql]
/compareHomes.asp?compare='[sql]
/compareHomes.asp?compare=Compare&clear='[sql]
/compareHomes.asp?compare=Compare&clear=Clear&adID='[sql]
/result.
asp?city=1&cat=2&imageField2=1&State=1&aminprice='[sql]
/result.
asp?city=1&cat=2&imageField2=1&State=1&aminprice=0&amaxprice=
'[sql]
/result.
asp?city=1&cat=2&imageField2=1&State=1&aminprice=0&amaxprice=
10000000&abedrooms='[sql]


xss get :
/result.asp?city=[xss]
/result.asp?city=1&cat=2&imageField2=1&State=[xss]


laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: [email protected]

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород