Image gallery with Access Database SQL Injection

2006-11-17T00:00:00
ID SECURITYVULNS:DOC:15123
Type securityvulns
Reporter Securityvulns
Modified 2006-11-17T00:00:00

Description

Aria-Security Team Advisory

<www.Aria-security.Com For English >

<www.Aria-Security.net For Persian >

Original Advisory : http://aria-security.net/advisory/igwad.txt

-----------------------------------------------------------

Software: Image gallery with Access Database

Method : SQL Injection

PoC:

http://target/path/dispimage.asp?id=[SQL Injection]

http://target/path/default.asp?page=2&order=[SQL Injection]

http://target/path/default.asp?page=[SQL INJECTION]&order=id

Contact: Advisory@aria-security.net