HotWeb Rentals "PageId" SQL Injection Vulnerability
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: HotWeb Rentals "PageId" SQL Injection Vulnerability
- From: "non customers" <non-customers@xxxxxxxxxxxxx>
- Date: Tue, 28 Dec 2010 00:57:13 +0100
PRODUCT >>> http://www.hotwebscripts.co.uk/
Input passed to the "PageId" parameter in default.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
POC >>>
default.asp?PageId=-15+union+select+11,22,33,44,55,66,77,88,99+from+users
--
non-customers crew | http://rock-madrid.com/
--
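
A defender-side check for the request shape shown in the PoC above, as an added example that is not part of the original advisory: it scans an IIS W3C log for default.asp requests whose PageId is not a plain integer. The log lines are constructed, and the rule that legitimate PageId values are non-negative integers is an assumption, not something the advisory states.

```python
import re
from urllib.parse import parse_qsl

# Constructed IIS W3C log sample (client addresses are documentation ranges).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2010-12-28 09:14:02 GET /default.asp PageId=15 192.0.2.10 200
2010-12-28 09:14:40 GET /default.asp PageId=-15+union+select+11,22,33,44,55,66,77,88,99+from+users 198.51.100.7 200
2010-12-28 09:15:03 GET /Default.asp pageid=-15%20UNION%20SELECT%2011,22,33,44,55,66,77,88,99%20FROM%20users 198.51.100.7 500
2010-12-28 09:15:30 GET /images/logo.gif - 192.0.2.10 200
2010-12-28 09:16:11 GET /default.asp PageId=7&lang=en 203.0.113.5 200
"""

# Assumption: legitimate page ids are short non-negative integers.
STRICT_ID = re.compile(r"[0-9]{1,9}")


def suspicious_page_ids(log_text, stem="/default.asp", param="pageid"):
    """Return (client_ip, status, decoded_value) for every request to `stem`
    whose PageId is not a plain integer. This is an allow-list check, so
    re-encoded or differently cased requests are flagged without a keyword list."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared by the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != stem:
            continue
        query = row.get("cs-uri-query", "-")
        if query == "-":  # IIS logs "-" when there is no query string
            continue
        # parse_qsl decodes %xx and '+'; ASP matches parameter names case-insensitively
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == param and not STRICT_ID.fullmatch(value):
                hits.append((row.get("c-ip"), row.get("sc-status"), value))
    return hits


if __name__ == "__main__":
    for ip, status, value in suspicious_page_ids(SAMPLE_LOG):
        print(f"{ip} status={status} PageId={value!r}")
```

The same integer-only rule, enforced in default.asp before the value reaches the query and combined with a parameterised ADO command, closes the injection described in the advisory.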