eClassifieds suffers from multiple SQL injection vulnerabilities.
21cce5b70a6c06bc697723272076e0004699727ac53442036fb0230ddc9e1d30
vendor site: http://enthrallweb.com/
product : eClassifieds
bug:injection sql
risk : medium
injection sql :
/ad.asp?AD_ID='[sql]
/ad.asp?cat_id='[sql]
/dircat.asp?cid='[sql]
/dirSub.asp?sid='[sql]
/ad.asp?cat_id=35&sub_id='[sql]
/ad.asp?cat_id=35&sub_id=102&ad_id='[sql]
laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@gmail.com