TUCoPS :: HP Unsorted C :: b06-5955.htm

creadirectory
creadirectory
creadirectory 


vendor site: http://www.creascripts.com/ 
product:creadirectory
bug: injection sql & xss
risk : medium 


injection sql:
/search.asp?search=1&submit=Search&category='[sql]


xss:
/addlisting.asp?cat=[xss]
/search.asp?search=[xss]


laurent gaffi=E9 & benjamin moss=E9
http://s-a-p.ca/ 
contact: saps.audit@gmail.com

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH