SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters.Referenceshttp://marc.info/?l=bugtraq&m=105845898003616&w=2
