ClickContact SQL Injection

2006-11-28T00:00:00
ID SECURITYVULNS:DOC:15242
Type securityvulns
Reporter Securityvulns
Modified 2006-11-28T00:00:00

Description

Aria-Security Team Advisory

<www.Aria-security.Com For English >

<www.Aria-Security.net For Persian >

-----------------------------------------------------------

Software: Click Contact

Method: SQL injection

PoC:

http://target/default.asp?view=alpha&AlphaSort=[SQL Injection]

http://target/default.asp?In=[SQL INJECTION]

http://target/default.asp?view=All&orderby=[SQL Injection]

Contact: Advisory@aria-security.net