https://cxsecurity.com/issue/WLB-2006120014
ehomes [multiples injections sql]
| 漏洞ID | 1053083 | 漏洞类型 | |
| 发布时间 | 2006-12-01 | 更新时间 | 2006-12-01 |
 CVE编号
|
CVE-2006-6205
CVE-2006-6204 |
 CNNVD-ID
|
N/A |
| 漏洞平台 | N/A | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
vendor site: http://enthrallweb.us/
product : ehomes
bug:injection sql
risk : medium
injection sql :
/dircat.asp?cid='[sql]
/dirSub.asp?sid='[sql]
/types.asp?TYPE_ID='[sql]
/homeDetail.asp?AD_ID='[sql]
/result.asp?city=1&cat='[sql]
/compareHomes.asp?compare='[sql]
/compareHomes.asp?compare=Compare&clear='[sql]
/compareHomes.asp?compare=Compare&clear=Clear&adID='[sql]
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice='[sql]
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice=0&amaxprice='[s
ql]
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice=0&amaxprice=100
00000&abedrooms='[sql]
xss get :
/result.asp?city=[xss]
/result.asp?city=1&cat=2&imageField2=1&State=[xss]
laurent gaffi & benjamin moss
http://s-a-p.ca/
contact: saps.audit (at) gmail (dot) com [email concealed]检索漏洞
开始时间
结束时间