20/20 real estate [ multiples injection sql ]
Date: 17 Nov 2006 18:29:19 -0000
From: [email protected]
To: [email protected]
Subject: 20/20 real estate [ multiples injection sql ]
X-Virus-Scanned: antivirus-gw at tyumen.ru
vendor site:http://www.2020applications.com/
product:20/20 real estate
bug:injection sql
risk:high
injection sql get :
/listings.asp?itemID='[sql]
/listings.asp?peopleID='[sql]
/f-google_earth.asp?itemID='[sql]
/f-email.asp?strPeopleID=1&itemID='[sql]
/listings.asp?strPageSize=1&strCurrentPage=1&peopleID='[sql]
laurent gaffiИ & benjamin mossИ
http://s-a-p.ca/
contact: [email protected]
