Link Exchange Lite [injection sql]

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Link Exchange Lite [injection sql]
From: saps.audit@xxxxxxxxx
Date: 21 Nov 2006 19:33:44 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

vendor site: http://softacid.net/
product:Link Exchange Lite
bug: injection sql
risk : high 


injection sql (post) :
/search.asp
post your sql query into the search engine field


injection sql (get):
/linkslist.asp?psearch='[sql]



laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@xxxxxxxxx

Prev by Date: Re: Re: Phpjobscheduler 3.0 - Multiple Remote File Include
Next by Date: [USN-382-1] Thunderbird vulnerabilities
Previous by thread: Re: Re: Phpjobscheduler 3.0 - Multiple Remote File Include
Next by thread: [USN-382-1] Thunderbird vulnerabilities
Index(es):
- Date
- Thread