20/20 Auto Gallery Multiple SQL Injection Vulnerabilities

20/20 Auto Gallery Multiple SQL Injection Vulnerabilities

Attackers can exploit these issues via a web client.

The following example URIs are available:

http://example.com/vehiclelistings.asp?vehicleID=[sql]
http://example.com/vehiclelistings.asp?categoryID_list=[sql]
http://example.com/vehiclelistings.asp?sale_type=[sql]
http://example.com/vehiclelistings.asp?sale_type=&categoryID_list=[sql]
http://example.com/vehiclelistings.asp?trKeywords=123&boolean=OR&stock_number=[sql]
http://example.com/vehiclelistings.asp?sale_type=&categoryID_list=&manufacturer=[sql]
http://example.com/vehiclelistings.asp?sale_type=&categoryID_list=&manufacturer=&model=[sql]
http://example.com/vehiclelistings.asp?trKeywords=123&boolean=OR&stock_number=&vehicleID=[sql]
http://example.com/vehiclelistings.asp?sale_type=&categoryID_list=&manufacturer=&model=&year=[sql]
http://example.com/vehiclelistings.asp?trKeywords=123&boolean=OR&stock_number=&vehicleID=&vin=[sql]
http://example.com/vehiclelistings.asp?sale_type=&categoryID_list=&manufacturer=&model=&year=&listing_price=[sql]