AlstraSoft AskMe Pro search.php cat_id Variable SQL Injection

2007-07-22T00:00:00
ID OSVDB:37096
Type osvdb
Reporter OSVDB
Modified 2007-07-22T00:00:00

Description

Manual Testing Notes

http://[target]/ask/search.php?cat_id=14-18%20or%201=1 // SQL

References:

Related OSVDB ID: 37095 Other Advisory URL: http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html CVE-2007-4085