DUnews detail.asp Multiple Variable SQL Injection

2006-12-01T07:03:57
ID OSVDB:31724
Type osvdb
Reporter OSVDB
Modified 2006-12-01T07:03:57

Description

Manual Testing Notes

http://[target]/detail.asp?iNews=[SQL Injection] http://[target]/detail.asp?iType=[SQL Injection] http://[target]/detail.asp?action=[SQL Injection]

References:

Secunia Advisory ID:23228 Other Advisory URL: http://www.aria-security.com/forum/showthread.php?t=61 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0026.html FrSIRT Advisory: ADV-2006-4834 CVE-2006-6354 Bugtraq ID: 15681