ASPrider16.txt

2005-12-02T00:00:00
ID PACKETSTORM:42008
Type packetstorm
Reporter Packet Storm
Modified 2005-12-02T00:00:00

Description

                                        
`Vendor : http://www.asp-rider.com  
Vulnerable Versions : 1.6  
  
Where is the bug  
----------------------  
in default.asp :  
refsss=split(refererssss, "/",-1,1)  
refererdomain=refsss(2)  
strsql="Select * From tbl_refererd where domain='" & refererdomain & "'"  
objrs.open strsql, objconn,3,3  
----------------------  
  
refererdomain is concatenated into the query string unescaped, so SQL code can be injected into the database query with a Referer header of this form --> "http://[SQLINJECTION]"  
  
ASP-Rider splits "http://[SQLINJECTION]" on "/".  
The two sections are:  
1)http://  
2)[SQLINJECTION]  
`
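A small Python model of the default.asp lookup, added here as an illustration and not taken from ASP-Rider or the advisory: it reproduces the Split(...)(2) extraction and sets the concatenated query beside a parameterized one. The sqlite3 backend, the hits column, the function names, and the sample rows are assumptions.

```python
import sqlite3

def referer_domain(referer):
    """Mirror Split(referer, "/")(2): the third element, or None if absent."""
    parts = (referer or "").split("/")
    return parts[2] if len(parts) > 2 else None

def lookup_concatenated(conn, referer):
    """The default.asp pattern: header text becomes part of the SQL statement."""
    domain = referer_domain(referer)
    sql = "Select * From tbl_refererd where domain='" + str(domain) + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, referer):
    """Hardened form: the header value is bound as data, never parsed as SQL."""
    domain = referer_domain(referer)
    if domain is None:
        return []  # missing or malformed Referer: nothing to look up
    sql = "SELECT * FROM tbl_refererd WHERE domain = ?"
    return conn.execute(sql, (domain,)).fetchall()

def make_db():
    """Constructed sample table; every column except domain is an assumption."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tbl_refererd (domain TEXT, hits INTEGER)")
    conn.executemany(
        "INSERT INTO tbl_refererd VALUES (?, ?)",
        [("example.org", 3), ("example.net", 7), ("o'brien.example", 1)],
    )
    return conn

def statement_survives(fn, conn, referer):
    """True if the query ran as written; False if the header broke its syntax."""
    try:
        fn(conn, referer)
        return True
    except sqlite3.Error:
        return False

if __name__ == "__main__":
    db = make_db()
    quoted = "http://o'brien.example/page"  # constructed header containing a quote
    for fn in (lookup_concatenated, lookup_parameterized):
        print(fn.__name__, statement_survives(fn, db, quoted))
```

In classic ASP the equivalent change is to run the lookup through an ADODB.Command with a `?` placeholder and an appended parameter instead of building strsql by concatenation.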