vendor site:http://www.kervancilar.com/ product:Aspmforum bug:injection sql (get & post) risk:high injection sql get : /forum.asp?baslik='[sql] /forum2.asp?baslik=2&soruid='[sql] /kullanicilistesi.asp?ak=&at=&harf='[sql] /kullanicilistesi.asp?at=baslayan&ak='[sql] once logged : /mesajkutum.asp?eylem=oku&mesajno='[sql] //private message injection sql post: in : /aramayap.asp Variables: kelimeler='[sql] or just post your query into the search engine ... in : /giris.asp Variables: kullaniciadi='[sql]&parola=&I1.x=0&I1.y=0&I1=Submit or just post your query into the username field laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@xxxxxxxxx
