[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

20/20 real estate [ multiples injection sql ]

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: 20/20 real estate [ multiples injection sql ]
From: saps.audit@xxxxxxxxx
Date: 17 Nov 2006 18:29:19 -0000

vendor site:http://www.2020applications.com/
product:20/20 real estate
bug:injection sql 
risk:high



injection sql get :
/listings.asp?itemID='[sql]
/listings.asp?peopleID='[sql]
/f-google_earth.asp?itemID='[sql]
/f-email.asp?strPeopleID=1&itemID='[sql]
/listings.asp?strPageSize=1&strCurrentPage=1&peopleID='[sql]




laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@xxxxxxxxx

Prev by Date: 20/20 auto gallery [ multiples injection sql ]
Next by Date: TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability
Previous by thread: 20/20 auto gallery [ multiples injection sql ]
Next by thread: TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability
Index(es):
- Date
- Thread