|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Aspmforum [ multiples injection sql (get&post)]
saps.audit
gmail.com
Date: Wed Nov 15 2006 - 12:43:05 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
vendor site:http://www.kervancilar.com/
product:Aspmforum
bug:injection sql (get & post)
risk:high
injection sql get :
/forum.asp?baslik='[sql]
/forum2.asp?baslik=2&soruid='[sql]
/kullanicilistesi.asp?ak=&at=&harf='[sql]
/kullanicilistesi.asp?at=baslayan&ak='[sql]
once logged :
/mesajkutum.asp?eylem=oku&mesajno='[sql] //private message
injection sql post:
in : /aramayap.asp
Variables:
kelimeler='[sql]
or just post your query into the search engine ...
in : /giris.asp
Variables:
kullaniciadi='[sql]&parola=&I1.x=0&I1.y=0&I1=Submit
or just post your query into the username field
laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.auditgmail.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]