20/20 real estate suffers from multiple SQL injection vulnerabilities.
cb0453b36f44a7214d03f74590a24d513d165b2bb82de50f4936f9d8bf13cfb2
vendor site:http://www.2020applications.com/
product:20/20 real estate
bug:injection sql
risk:high
injection sql get :
/listings.asp?itemID='[sql]
/listings.asp?peopleID='[sql]
/f-google_earth.asp?itemID='[sql]
/f-email.asp?strPeopleID=1&itemID='[sql]
/listings.asp?strPageSize=1&strCurrentPage=1&peopleID='[sql]
laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@gmail.com