EasyWeb SQL Injection

2012-09-03T00:00:00
ID PACKETSTORM:116198
Type packetstorm
Reporter Prince
Modified 2012-09-03T00:00:00

Description

                                        
                                            `# Exploit Title: easyweb SQLi Vulnerability  
# Date: 09/03/2012  
# Author: Persia Security Group - (Prince & mafia1990)  
# Vendor Homepage: http://www.easy-web.it/  
# Version: All Version  
# Google Dork: intext:"powered by easyweb" site:it  
# Tested on: win 2003 & 2008 server , Vista , 7 & IIS 6.0, 7.0, 7.5  
==========================================================================================  
Vulnerability Details  
==========================================================================================  
  
/*********/  
intext:"powered by easyweb" site:it  
/*********/  
  
========================================Exploit============================================  
The SQLi vulnerability in param[?id=] &&==> .!..  
  
Code: asp, aspx, MSAccess  
  
Example:  
  
http://localhost/anyanyany.asp?id=XX[SQLi]  
  
Demo:  
http://www.cococool.it/dettagli.asp?id=1666[SQLi Here]  
  
==========================================================================================  
`