Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23233
HistoryFeb 16, 2010 - 12:00 a.m.

LDF (Default.asp) Sql Injection Vulnerability

2010-02-1600:00:00
vulners.com
38

Product : LDF
vendor : www.ldf.22.cn
Vulnerable Versions : All

Default.asp Page has an issue on validating "Page" parameter , It could be exploited by attacker &
attacker can inject arbitrary Sql Commands

http://www.example.com/[ldf path]/default.asp?page=[SQL COMMAND]