ClickGallery gallery.asp orderby Variable SQL Injection

2006-11-26T09:03:57
ID OSVDB:30765
Type osvdb
Reporter OSVDB
Modified 2006-11-26T09:03:57

Description

Manual Testing Notes

http://[target]/gallery.asp?currentpage=2&orderby=[SQL Injection]

References:

Secunia Advisory ID:23136 Related OSVDB ID: 30761 Related OSVDB ID: 30766 Related OSVDB ID: 30763 Related OSVDB ID: 30762 Related OSVDB ID: 30764 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0519.html