lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 19 Nov 2006 15:17:45 -0000 From: saps.audit@...il.com To: bugtraq@...urityfocus.com Subject: The Classified Ad System [multiple xss & injection sql] vendor site: http://www.rockfordarea.com/ product : The Classified Ad System bug: multiple xss (get) & injection sql risk : medium injection sql (get): /default.asp?action=view&main='[sql] injection sql (post) : just post your query into the search engine xss : /default.asp?action=view1&cat=[xss] /default.asp?action=view1&cat=40&main=[xss] laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@...il.com