E-commerce Kit 1 PayPal Edition [ injection sql ]

vendor site:http://www.sitesoutlet.com/
product:E-commerce Kit 1 PayPal Edition
bug:injection sql
risk:medium

injection sql :
http://site.com/PATH/catalogue.asp?keyword='[sql]
http://site.com/PATH/catalogue.asp?cid='[sql]
http://site.com/PATH//viewDetail.asp?pid='[sql]

laurent gaffi & benjamin moss
http://s-a-p.ca/
contact: saps.audit (at) gmail (dot) com [email concealed]