Smart ASP Survey - catid SQL Injection

2009-08-27T00:00:00
ID EXPLOITPACK:60AB8707EBA733AE241E333C255C3AB3
Type exploitpack
Reporter Moudi
Modified 2009-08-27T00:00:00

Description

source: https://www.securityfocus.com/bid/43370/info

Smart ASP Survey is prone to a SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting the vulnerability could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.example.com/poll/showresult.asp?catid=[sqli]
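
For defenders reviewing web server logs, the following added example (not part of the original advisory) flags requests to `showresult.asp` whose `catid` value is not a plain integer. It assumes that `catid` is a numeric category ID and that the server writes IIS-style W3C extended logs with a `#Fields:` header; the function name `scan_w3c` and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Path taken from the advisory's example URL; compared case-insensitively.
TARGET_STEM = "/poll/showresult.asp"
# Assumption: a legitimate catid is a short decimal integer.
INTEGER = re.compile(r"[0-9]{1,10}")

def scan_w3c(lines):
    """Return (line_no, client_ip, decoded_catid) for every non-integer catid."""
    fields, hits = [], []
    for no, line in enumerate(lines, 1):
        line = line.strip()
        if line.startswith("#Fields:"):
            # The header names the columns of the rows that follow it.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if row.get("cs-uri-stem", "").lower() != TARGET_STEM:
            continue
        query = row.get("cs-uri-query", "-")
        if query == "-":          # W3C logs use "-" for an empty field
            continue
        # parse_qsl percent-decodes names and values, so encoded input is caught.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == "catid" and not INTEGER.fullmatch(value):
                hits.append((no, row.get("c-ip", "-"), value))
    return hits

# Constructed sample log (documentation IP addresses, not real traffic).
SAMPLE = """#Version: 1.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2009-08-27 10:00:01 GET /poll/showresult.asp catid=5 192.0.2.10 200
2009-08-27 10:00:07 GET /poll/showresult.asp catid=5%27 192.0.2.66 500
2009-08-27 10:00:09 GET /Poll/ShowResult.asp CatID=abc 192.0.2.66 200
2009-08-27 10:00:12 GET /poll/default.asp - 192.0.2.10 200
""".splitlines()

if __name__ == "__main__":
    for line_no, ip, value in scan_w3c(SAMPLE):
        print(f"line {line_no}: {ip} sent non-integer catid {value!r}")
```

The same integer-only rule, enforced in the application before the value reaches a query, is the corresponding input-validation fix.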