Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

phpPC 1.04 Multiples Remote File Inclusion

Pearl Forums 2.4 Multiple Remote File Include Vulnerabilities

PhotoCart 3.9 (adminprint. php) Remote File Include Vulnerability

Vulnerability in PostNuke

From:	laurent gaffié <saps.audit_(at)_gmail.com>
Date:	22.11.2006
Subject:	eClassifieds [injection sql]

vendor site: http://enthrallweb.com/
product : eClassifieds
bug:injection sql
risk : medium

injection sql :
/ad.asp?AD_ID='[sql]
/ad.asp?cat_id='[sql]
/dircat.asp?cid='[sql]
/dirSub.asp?sid='[sql]
/ad.asp?cat_id=35&sub_id='[sql]
/ad.asp?cat_id=35&sub_id=102&ad_id='[sql]



laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@gmail.com