Turnkey Websites SearchResults.php Multiple Parameter SQL Injection

2005-03-03T20:32:42
ID OSVDB:15236
Type osvdb
Reporter OSVDB
Modified 2005-03-03T20:32:42

Description

Manual Testing Notes

http://[victim]/SearchResults.php?SearchTerm='SQL_INJECTION&where='SQL_INJECTION&ord1=ItemPrice&ord2=desc
http://[victim]/SearchResults.php?SearchTerm=dcrab&where='SQL_INJECTION&ord1=&ord2=desc
http://[victim]/SearchResults.php?SearchTerm=dcrab&where=ItemDescription&ord1=ItemPrice&ord2='SQL_INJECTION

References:

Vendor URL: http://www.turnkeywebsites.info/
Security Tracker: 1013633
Other Advisory URL: http://digitalparadox.org/advisories/tksc.txt