Open Source and information security mailing list archives
Message-ID: <20061120022551.27967.qmail@securityfocus.com>
Date: 20 Nov 2006 02:25:51 -0000
From: saps.audit@...il.com
To: bugtraq@...urityfocus.com
Subject: ehomes [multiples injections sql]

vendor site: http://enthrallweb.us/
product : ehomes
bug:injection sql
risk : medium

injection sql :
/dircat.asp?cid='[sql]
/dirSub.asp?sid='[sql]
/types.asp?TYPE_ID='[sql]
/homeDetail.asp?AD_ID='[sql]
/result.asp?city=1&cat='[sql]
/compareHomes.asp?compare='[sql]
/compareHomes.asp?compare=Compare&clear='[sql]
/compareHomes.asp?compare=Compare&clear=Clear&adID='[sql]
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice='[sql]
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice=0&amaxprice='[sql]
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice=0&amaxprice=10000000&abedrooms='[sql]

xss get :
/result.asp?city=[xss]
/result.asp?city=1&cat=2&imageField2=1&State=[xss]

laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@...il.com