Google Search: inurl:guestbook/guestbooklist.asp “Post Date” From
jeffball55 rates this entry 6 out of 10.
Submitted: 2005-12-19 00:00:00
Added by: jeffball55
A sql vulnerability has been reported in a Techno Dreams asp script, login.asp. http://search.securityfocus.com/archive/1/414708/30/0/threadedSeveral ways of finding the vulnerable file:Guestbook (the above dork): inurl:guestbook/guestbooklist.asp “Post Date” From Country Results 1 – 21 of 123Announcement: inurl:MainAnnounce1.asp “show all” Results 1 -20 of 86WebDirectory: inurl:webdirectory “Total Available Web Sites” Search Results 1 – 4 of 5MailingList: inurl:maillinglist/emailsadd.asp Results 1 – 6 of 6note these dorks don’t find the vulnerable script; to find it change the url to /admin/login.asp or /login.asp.The default admin user/pass is admin/admin. Some results leave this info on the page and others load the page with this info already filled out.