vendor site:http://www.alanward.net/ product:A-Cart pro bug:injection sql risk:medium injection sql (get) : /category.asp?catcode='[sql] /product.asp?productid='[sql] injection sql (post) : http://site.com/search.asp Variables: /search.asp?search='[sql] ( or just post your query in the search engine ... ) laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@xxxxxxxxx