Bugtraq mailing list archives
HotWeb Rentals "PageId" SQL Injection Vulnerability
From: "non customers" <non-customers () operamail com>
Date: Tue, 28 Dec 2010 00:57:13 +0100
PRODUCT >>> http://www.hotwebscripts.co.uk/

Input passed to the "PageId" parameter in default.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

POC >>> default.asp?PageId=-15+union+select+11,22,33,44,55,66,77,88,99+from+users

-- non-customers crew | http://rock-madrid.com/
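Added example, not part of the original advisory and not HotWeb Rentals code: the flaw described above (a numeric parameter concatenated into SQL) next to a hardened lookup that validates the value and binds it as a parameter. Python with an in-memory SQLite database stands in for the ASP application; the table names, columns, rows and function names are all assumptions constructed for the demonstration.

```python
import sqlite3

# Constructed schema: a nine-column "pages" table (matching the nine values in
# the advisory's PoC) and a "users" table. All names and rows are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, slug, title, summary,"
               " body, author, created, updated, status)")
    db.execute("INSERT INTO pages VALUES (1,'home','Home','','Welcome','admin',"
               "'2010-01-01','2010-01-01','live')")
    db.execute("CREATE TABLE users (name, password)")
    db.execute("INSERT INTO users VALUES ('constructed-user','constructed-hash')")
    return db

def get_page_vulnerable(db, page_id):
    # The flaw the advisory describes: the raw parameter is concatenated into
    # the SQL text, so the database parses it as part of the statement.
    return db.execute("SELECT * FROM pages WHERE id = " + page_id).fetchall()

def parse_page_id(raw):
    # Allow-list validation: a page id is only ever a short run of ASCII digits.
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("PageId must be a non-negative integer")
    return int(raw)

def get_page_hardened(db, raw):
    # Validate first, then bind the value; it is never parsed as SQL.
    page_id = parse_page_id(raw)
    return db.execute("SELECT * FROM pages WHERE id = ?", (page_id,)).fetchall()

# The PoC value from the advisory after URL decoding ('+' becomes a space).
POC = "-15 union select 11,22,33,44,55,66,77,88,99 from users"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, id=1:", get_page_vulnerable(db, "1"))
    print("vulnerable, PoC :", get_page_vulnerable(db, POC))  # row not from pages
    print("hardened,   id=1:", get_page_hardened(db, "1"))
    try:
        get_page_hardened(db, POC)
    except ValueError as exc:
        print("hardened,   PoC : rejected:", exc)
```

In the ASP application itself the equivalent fix is a parameterised ADODB.Command together with a numeric check on PageId before the query runs.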