[Aria-Security Team] DuWare DuNews SQL Injection Vuln

2006-12-02T00:00:00
ID SECURITYVULNS:DOC:15285
Type securityvulns
Reporter Securityvulns
Modified 2006-12-02T00:00:00

Description

Aria-Security Team Advisory

<www.Aria-security.Com For English >

<www.Aria-Security.net For Persian >

Original Advisory:

http://www.aria-security.com/forum/showthread.php?t=61

-----------------------------------------------------------

Software: DuNews

Method: SQL Injection

Vendor: http://www.duware.com/

PoC:

http://target/type.asp?iType=[SQL Injection]

http://target/detail.asp?iNews=[SQL Injection]

http://target/detail.asp?iType=[SQL Injection]

http://target/detail.asp?action=[SQL Injection]

Contact: Advisory@aria-security.net