vendor site:http://www.2020applications.com/
product:20/20 datashed
bug:injection sql
risk:high



injection sql get :
/f-email.asp?strPeopleID=1&itemID='[sql]
/listings.asp?peopleID='[sql]
/listings.asp?sort_order='[sql]





laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@gmail.com