Enthrallweb EClassifieds Multiple SQL Injection Vulnerabilities

An attacker can exploit this issue via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/ad.asp?AD_ID=[sql]
http://www.example.com/ad.asp?cat_id=[sql]
http://www.example.com/dircat.asp?cid=[sql]
http://www.example.com/dirSub.asp?sid=[sql]
http://www.example.com/ad.asp?cat_id=35&sub_id=[sql]
http://www.example.com/ad.asp?cat_id=35&sub_id=102&ad_id=[sql]
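For defenders, requests against these endpoints can be triaged from web server logs. The script below is an added example, not part of the original advisory or the vendor's code: it flags requests to the listed scripts where one of the listed parameters is not a plain integer. It assumes that every listed parameter is an integer record id (the advisory only shows cat_id=35 and sub_id=102) and that logs are in IIS W3C format with a #Fields header; the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl

# Script -> parameters named in the advisory. Names are compared
# case-insensitively (the advisory itself uses both AD_ID and ad_id).
WATCHED = {
    "/ad.asp": {"ad_id", "cat_id", "sub_id"},
    "/dircat.asp": {"cid"},
    "/dirsub.asp": {"sid"},
}
# Assumption: each watched parameter should hold only a short decimal id.
INTEGER = re.compile(r"[0-9]{1,10}")

def suspicious_params(path, query):
    """Return [(name, decoded_value)] for watched parameters that are not integers."""
    watched = WATCHED.get(path.lower())
    if not watched or query in ("", "-"):
        return []
    pairs = parse_qsl(query, keep_blank_values=True)
    return [(k, v) for k, v in pairs
            if k.lower() in watched and not INTEGER.fullmatch(v)]

def scan(lines):
    """Parse W3C log lines; return [(client_ip, path, findings)] for flagged requests."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        path = row.get("cs-uri-stem", "")
        found = suspicious_params(path, row.get("cs-uri-query", "-"))
        if found:
            hits.append((row.get("c-ip"), path, found))
    return hits

# Constructed sample log (documentation IP range, not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2010-01-01 10:00:00 GET /ad.asp cat_id=35&sub_id=102 192.0.2.10 200
2010-01-01 10:00:05 GET /ad.asp cat_id=35&sub_id=102&ad_id=7%27 192.0.2.77 500
2010-01-01 10:00:09 GET /dirSub.asp sid=x 192.0.2.77 200
2010-01-01 10:00:12 GET /default.asp - 192.0.2.10 200
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```

A blank value for a watched parameter is also reported, since it is not an integer. The same integer check applied in the ASP pages before the value reaches a query, together with parameterized queries, is the corresponding mitigation.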


 

Copyright 2010, SecurityFocus