HotWeb Rentals "PageId" SQL Injection Vulnerability PRODUCT >>> http://www.hotwebscripts.co.uk/ Input passed to the "PageId" parameter in default.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. POC >>> default.asp?PageId=-15+union+select+11,22,33,44,55,66,77,88,99+from+users -- non-customers crew | http://rock-madrid.com/ -- _______________________________________________ Surf the Web in a faster, safer and easier way: Download Opera 9 at http://www.opera.com
