TUCoPS :: HP Unsorted A :: tb12766.htm

ASP Product catalog SQL injection vulnerability
ASP Product catalog SQL injection vulnerability
ASP Product catalog SQL injection vulnerability


ASP Product catalog SQL injection vulnerability.


A nice little SQL injection vulnerability exists within ASP Product Catalog. The application fails to check for bad input from GET'd variables used in SQL query operations. In this case, the variable [cid] can be used for SQL injection queries. Example:

http://www.example.com/Catalog/catalog.asp?cid=8%20union%20all%20select%20Password,User_ID,Password,User_ID,Password,User_ID,Password%20from%20admin# 

For those unfamiliar with how I got the table names and fields, it was retireved from the mdb file included with Asp Product catalog. A few oder by's reveals 9 columns...And we grab our username and password from the list. Now, we can login to our catalog and have fun.

http://www.example.com/catalog/login.asp 

Stay secure.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH