ehomes [multiples injections sql]

2006.12.01

Credit: laurent gaffi & benjamin moss

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-6205 | CVE-2006-6204

CWE: N/A

vendor site: http://enthrallweb.us/
product : ehomes  
bug:injection sql
risk : medium

injection sql :
/dircat.asp?cid='[sql]
/dirSub.asp?sid='[sql]
/types.asp?TYPE_ID='[sql]
/homeDetail.asp?AD_ID='[sql]
/result.asp?city=1&cat='[sql]
/compareHomes.asp?compare='[sql]
/compareHomes.asp?compare=Compare&clear='[sql]
/compareHomes.asp?compare=Compare&clear=Clear&adID='[sql]
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice='[sql]
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice=0&amaxprice='[s
ql]
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice=0&amaxprice=100
00000&abedrooms='[sql]

xss get :
/result.asp?city=[xss]
/result.asp?city=1&cat=2&imageField2=1&State=[xss]

laurent gaffi & benjamin moss
http://s-a-p.ca/
contact: saps.audit (at) gmail (dot) com [email concealed]

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ehomes [multiples injections sql]

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.