Rapid Classified v3.1 [multiple xss (get) & injection sql]

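Vulnerability ID 1053064 Vulnerability type
Published 2007-01-15 Updated 2007-01-15
CVE ID CVE-2006-6930
CVE-2006-6929
CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2007010057
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit (EXP)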
vendor site: http://www.4u2ges.com/
product : Rapid Classified v3.1 
bug: multiple xss (get) & injection sql
risk : medium

injection sql :
/viewad.asp?id='[sql]

xss :
/reply.asp?id=[xss]
/view_print.asp?id=[xss]
/search.asp?categoryName=1&SH1=[xss]
/reply.asp?id=50120815480100001&name=[xss]
/advsearch.asp?zipr=1&D1=0&D4=1&zipOpt=20&dosearch=[xss]

laurent gaffi & benjamin moss
http://s-a-p.ca/
contact: saps.audit (at) gmail (dot) com