ASP Product catalog SQL injection vulnerability.

A nice little SQL injection vulnerability exists within ASP Product Catalog. The application fails to check for bad input from GET'd variables used in SQL query operations. In this case, the variable [cid] can be used for SQL injection queries. Exam...

[ more ]