Active News Manager [ injection sql (post&get)]
Date: 14 Nov 2006 22:05:45 -0000
From: [email protected]
To: [email protected]
Subject: Active News Manager [ injection sql (post&get)]
X-Virus-Scanned: antivirus-gw at tyumen.ru
vendor site:http://www.dotnetindex.com/
product:Active News Manager
bug:injection sql
risk:medium
injection sql (get)
http://site.com/activenews/activeNews_categories.asp?catID='[sql]
http://site.com/activeNews_comments.asp?articleID='[sql]
injection sql(post) :
in the search engine:
/activenews/activenews_search.asp
variables :
query='[sql]
( or post your query into the search engine ..)
laurent gaffiИ & benjamin mossИ
http://s-a-p.ca/
contact: [email protected]
