Virtual Programming VP-ASP shopexd.asp SQL Injection Vulnerability

info
discussion
exploit
solution
references

Virtual Programming VP-ASP shopexd.asp SQL Injection Vulnerability

It has been reported that VP-ASP does not sufficiently sanitize user input passed to the shopexd.asp script contained in the software. As a result, it may be possible for remote attackers to embed SQL commands which are to be passed to the underlying database engine.