Bugtraq mailing list archives
Aspmforum [ multiples injection sql (get&post)]
From: saps.audit () gmail com
Date: 15 Nov 2006 18:43:05 -0000
vendor site:http://www.kervancilar.com/ product:Aspmforum bug:injection sql (get & post) risk:high injection sql get : /forum.asp?baslik='[sql] /forum2.asp?baslik=2&soruid='[sql] /kullanicilistesi.asp?ak=&at=&harf='[sql] /kullanicilistesi.asp?at=baslayan&ak='[sql] once logged : /mesajkutum.asp?eylem=oku&mesajno='[sql] //private message injection sql post: in : /aramayap.asp Variables: kelimeler='[sql] or just post your query into the search engine ... in : /giris.asp Variables: kullaniciadi='[sql]&parola=&I1.x=0&I1.y=0&I1=Submit or just post your query into the username field laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit () gmail com
Current thread:
- Aspmforum [ multiples injection sql (get&post)] saps . audit (Nov 17)