Bugtraq mailing list archives
CandyPress Store[ multiples injection sql ]
From: saps.audit () gmail com
Date: 14 Nov 2006 19:17:08 -0000
vendor site:http://www.candypress.com/ product:CandyPress Store bug:injection sql risk:medium injection sql (get) : http://site.com/sa3.5.2.14/scripts/openPolicy.asp?policy='[sql] http://site.com/sa3.5.2.14/scripts/prodList.asp?brand='[sql] laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit () gmail com
Current thread:
- CandyPress Store[ multiples injection sql ] saps . audit (Nov 16)