Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15169
HistoryNov 22, 2006 - 12:00 a.m.

ehomes [multiples injections sql]

2006-11-2200:00:00
vulners.com
91

vendor site: http://enthrallweb.us/
product : ehomes
bug:injection sql
risk : medium

injection sql :
/dircat.asp?cid='[sql]
/dirSub.asp?sid='[sql]
/types.asp?TYPE_ID='[sql]
/homeDetail.asp?AD_ID='[sql]
/result.asp?city=1&cat='[sql]
/compareHomes.asp?compare='[sql]
/compareHomes.asp?compare=Compare&clear='[sql]
/compareHomes.asp?compare=Compare&clear=Clear&adID='[sql]
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice='[sql]
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice=0&amaxprice='[sql]
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice=0&amaxprice=10000000&abedrooms='[sql]

xss get :
/result.asp?city=[xss]
/result.asp?city=1&cat=2&imageField2=1&State=[xss]

laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: [email protected]