6 matches found
ASPSitem <= 2.0 - Remote (SQL Injection / DB Disclosure) Vulnerabilities
No description provided by source. ASPSitem = 2.0 Multiple Vulnerabilities. Contacts ICQ: 10072 MSN/Mail: [email protected] web: www.nukedx.com This exploits works on ASPSitem = 2.0. Original advisory can be found at: http://www.nukedx.com/?viewdoc=39 SQL injection - GET -...
Code injection
Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to read private messages of other users via a modified id parameter...
Sql injection
SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter...
CVE-2006-2793
CVE-2006-2793 describes an SQL injection vulnerability in Anket.asp within ASPSitem 2.0 and earlier. The hid parameter is injectable, allowing remote attackers to execute arbitrary SQL commands. Affected software: ASPSitem 2.0 and earlier (Anket.asp). Impact: information disclosure/integrity/avai...
CVE-2006-2794
CVE-2006-2794 affects Hesabim.asp in ASPSitem 2.0 and earlier. The underlying issue is insufficient access control: a modified id parameter lets remote attackers read private messages of other users. Documented impact is confidential data disclosure; no explicit patch/version remediation is provi...
ASPSitem 2.0 - SQL Injection / Database Disclosure
ASPSitem ICQ: 10072 MSN/Mail: [email protected] web: www.nukedx.com This exploits works on ASPSitem GET - http://victim/ASPSitemDir/Anket.asp?hid=SQL EXAMPLE - http://victim/ASPSitemDir/Anket.asp?hid=4%20union%20select%20sifre,0%20from%20uyeler%20where%20 id%20like%201 with this example remote...