Exploit Smart ASP Survey - Cross-Site Scripting / SQL Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
13880
Проверка EDB
  1. Пройдено
Автор
L0RD CRUSAD3R
Тип уязвимости
WEBAPPS
Платформа
ASP
CVE
cve-2010-5045
Дата публикации
2010-06-15
Код:
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################## 1
0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=1
Author: L0rd CrusAd3r aka VSN [[email protected]]
Exploit Title:Smart ASP Survey SQL & XSS Vulnerable
Vendor url:http://www.sellatsite.com
Version:n/a
Published: 2010-06-15
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to
all ICW members.
Spl Greetz to:inj3ct0r.com Team, Andhrahackers.com

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Description:

Smart ASP Survey is an easy-to-use application that provides your poll
results. Simply login to your admin panel and generate surveys.
Administrators can work from their browsers, any time, from anywhere. And,
there are no limits to the types of questions you can ask, how many polls
are stored in your archives, or how many optional answers to your poll
question. Simply login to admin start creating your surveys.

Features:

* Powerful Admin
* Upload your own logo.
* Add your own categories.
* Add/Edit/Delete Questions
* Add/Edit/Delete Answers
* Graphical Results
* Website Redirection on Survey Exit.
* User friendly Control panel.
* Complete Survey Record.
* Setup Site from Admin panel.


~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQLi Vulnerability

DEMO URL :http://server/poll/default.asp?catid=[sqli]

*XSS Vulnerable

Parameter:'"-->

DEMO URl:http://server/poll/default.asp?catid=

# 0day n0 m0re #
# L0rd CrusAd3r #

-- 
With R3gards,
L0rd CrusAd3r
 
Источник
www.exploit-db.com

Похожие темы