| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 19 Jul 2005 08:51:41 -0000 From: r_i_t_b_15@...oo.com To: bugtraq@...urityfocus.com Subject: SQL Injection in Chinese ASP Webcounter I found a vulnerability in a webcounter quite spread in China, I was not able to retrieve its name (if someone could help...). You can find examples of this webcounter by searching for "StatDay.asp" (hourly statistics for a given day), "StatMonth.asp" (daily statistics for a given month) or "StatYear.asp" (monthly statistics for a given year). From some URLs it is possible to download the whole package. This software is written in ASP (there is also a PHP version), and it has a SQL Injection vulnerability: for example you can call the script StatYear with parameter "QYear" [...]/StatYear.asp?QYear=2004 and retrieve the stats for 2004. The input is not filtered properly, so you can send a request like: [...]/StatYear.asp?QYear=2006%26%22%27%20union%20Select%20asc(mid(PassWord,1,1))%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%20From%20Infolist as Infolist is the (MS Access) table which stores the informations about the site being analyzed.
Powered by blists - more mailing lists