Securityvulns SECURITYVULNS:DOC:25411
History: Dec 29, 2010 - 12:00 a.m.

HotWeb Rentals "PageId" SQL Injection Vulnerability


PRODUCT >>> http://www.hotwebscripts.co.uk/

Input passed to the "PageId" parameter in default.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

POC >>> default.asp?PageId=-15+union+select+11,22,33,44,55,66,77,88,99+from+users


non-customers crew | http://rock-madrid.com/
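
The following is an added example, not code from the advisory or from HotWeb Rentals: it replays the POC value above against a string-concatenated query and against a bound, allow-listed one. It uses Python's sqlite3 as a stand-in for the real backend; the `pages` table, all column names and the sample rows are assumptions, since the advisory names only default.asp, PageId and the `users` table.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Query string taken verbatim from the advisory's POC line.
POC_QUERY = "PageId=-15+union+select+11,22,33,44,55,66,77,88,99+from+users"

def make_db():
    """Constructed stand-in database. Only the 'users' table name and the
    nine-column result shape come from the advisory; the rest is assumed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title, body,
                            c4, c5, c6, c7, c8, c9);
        CREATE TABLE users (name, password);
        INSERT INTO pages VALUES (1, 'Home', 'Welcome', 0, 0, 0, 0, 0, 0);
        INSERT INTO users VALUES ('admin', 'constructed-sample');
    """)
    return db

def page_id_from(query_string):
    """Decode the PageId value as a web server would ('+' becomes a space)."""
    return parse_qs(query_string)["PageId"][0]

def lookup_concatenated(db, page_id):
    """Vulnerable pattern: the parameter becomes part of the SQL text."""
    return db.execute("SELECT * FROM pages WHERE id = " + page_id).fetchall()

def lookup_bound(db, page_id):
    """Parameter is bound as data, so it cannot change the statement."""
    return db.execute("SELECT * FROM pages WHERE id = ?", (page_id,)).fetchall()

def lookup_hardened(db, page_id):
    """Allow-list check (digits only) in front of the bound query."""
    if not re.fullmatch(r"[0-9]{1,9}", page_id):
        raise ValueError("PageId must be a non-negative integer")
    return lookup_bound(db, int(page_id))

if __name__ == "__main__":
    db = make_db()
    poc = page_id_from(POC_QUERY)
    print("concatenated:", lookup_concatenated(db, poc))  # row shaped by input
    print("bound:       ", lookup_bound(db, poc))         # no rows
    try:
        lookup_hardened(db, poc)
    except ValueError as exc:
        print("hardened:    ", exc)
    print("legit id 1:  ", lookup_hardened(db, "1"))
```

With concatenation the result set is the row of constants from the POC rather than a page; with binding the same input matches nothing, and the allow-list rejects it before any query runs.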

