vendor site: http://softacid.net/ product:Link Exchange Lite bug: injection sql risk : high injection sql (post) : /search.asp post your sql query into the search engine field injection sql (get): /linkslist.asp?psearch='[sql] laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@xxxxxxxxx