Discovered By : Arsalan Emamjomehkashan admin (at) arsalank (dot) com [email concealed] aeries browser interface 3.7.2.2 SQL Injection Website:http://aeries.com/ Demo:you can test it on http://demo.aeries.com/abi/ Comments.asp?&FC=SQL Labels.asp?&Term=SQL ClassList.asp&Term=SQL -------------------------------- Aria-Security Team httP://Aria-Security.Net