gNews Publisher categories.asp Multiple Variable SQL Injection

2006-11-20T02:13:37
ID OSVDB:31919
Type osvdb
Reporter OSVDB
Modified 2006-11-20T02:13:37

Description

Manual Testing Notes

http://[target]/categories.asp?catID=[SQL Injection] http://[target]/categories.asp?editorID=[SQL Injection]

References:

Other Advisory URL: http://www.aria-security.com/forum/showthread.php?t=37 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0380.html ISS X-Force ID: 30422 CVE-2006-6080 Bugtraq ID: 21194