| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20051129130154.11969.qmail@securityfocus.com> Date: 29 Nov 2005 13:01:54 -0000 From: info@...er.com To: bugtraq@...urityfocus.com Subject: ASP-Rider Default.asp SQL Injection Vendor : http://www.asp-rider.com Vulnerable Versions : 1.6 Where is the bug ---------------------- in default.asp : refsss=split(refererssss, "/",-1,1) refererdomain=refsss(2) strsql="Select * From tbl_refererd where domain='" & refererdomain & "'" objrs.open strsql, objconn,3,3 ---------------------- and you can enter sql code to database with this referer CODE --> "http://[SQLINJECTION]" ASP-Rider splits "http://[SQLINJECTION]" two sections are : 1)http:// 2)[SQLINJECTION]
Powered by blists - more mailing lists