MultiCalendars rss_out.asp Multiple Variable SQL Injection

2006-11-15T05:28:34
ID OSVDB:32752
Type osvdb
Reporter OSVDB
Modified 2006-11-15T05:28:34

Description

Manual Testing Notes

http://[target]/rss_out.asp?ID=1&MODE=1&M='[sql] http://[target]/rss_out.asp?ID=1&MODE=1&M=10&Y='[sql]

References:

Vendor URL: http://www.expinion.net/ Related OSVDB ID: 32753 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0253.html ISS X-Force ID: 30301 CVE-2006-5977