[Aria-Security Team] DuWare DuPaypal SQL Injection Vuln

2006-12-05T00:00:00
ID SECURITYVULNS:DOC:15292
Type securityvulns
Reporter Securityvulns
Modified 2006-12-05T00:00:00

Description

Aria-Security Team Advisory

<www.Aria-security.Com For English >

<www.Aria-Security.net For Persian >

Original Advisory:

http://www.aria-security.com/forum/showthread.php?t=62

-----------------------------------------------------------

Software: DuPaypal

Method: SQL Injection

Vendor: http://www.duware.com/

PoC:

/DUpaypal/type.asp?iType=[SQL Injection]

/DUpaypal/detail.asp?iPro=196&iType=[SQL Injection]

/DUpaypal/detail.asp?iPro=[SQL Injection]

Contact: Advisory@aria-security.net