ASP Basit Haber Script 1.0 – ‘id’ SQL Injection

Exploit Database
18 阅读

作者： m3rciL3Ss

日期： 2011-09-18
类别：
- webapps
平台：
- asp
来源：https://www.exploit-db.com/exploits/36138/

source: https://www.securityfocus.com/bid/49667/info

ASP Basit Haber Script is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

ASP Basit Haber Script 1.0 is vulnerable; other versions may also be affected. 

http://www.example.com/haber.asp?id=28+union+select+0,kullaniciadi,sifre,3,4,5+from+admin

last Exploits
ASP Basit Haber Script 1.0 – ‘id’ SQL Injection的更多信息

VirtuaSystems VirtuaNews Pro 1.0.4 – ‘admin.php’ Cross-Site Scripting：
MyBB 1.8 Beta 3 – Multiple Vulnerabilities：
Open Web Analytics 1.2.3 – Multiple File Inclusions：
phpCMS 2008 V2 – ‘data.php’ SQL Injection：
Lawyer Search Script 1.1 – ‘lawyer-list?city’ SQL Injection：
Mambo 4.x – ‘Zorder’ SQL Injection：
Joomla! Component CamelcityDB 2.2 – SQL Injection：
Zen Cart 1.3.9h – Local File Inclusion：